Technical Reference: Base Operating System and Extensions, Volume 1

ckuserID Subroutine

Purpose

Authenticates the user.

Note: This subroutine is obsolete and is provided for backwards compatibility. Use the authenticate (authenticate Subroutine) subroutine, instead.

Syntax

#include <login.h> int ckuserID ( User, Mode) int Mode; char *User;

The ckuserID subroutine authenticates the account specified by the User parameter. The mode of the authentication is given by the Mode parameter. The login and su commands continue to use the ckuserID subroutine to process the /etc/security/user auth1 and auth2 authentication methods.

The ckuserID subroutine depends on the authenticate (authenticate Subroutine) subroutine to process the SYSTEM attribute in the /etc/security/user file. If authentication is successful, the passwdexpired (passwdexpired Subroutine) subroutine is called.

Errors caused by grammar or load modules during a call to the authenticate subroutine are displayed to the user if the user was authenticated. These errors are audited with the USER_Login audit event if the user failed authentication.

Parameters

User

Specifies the name of the user to be authenticated.

Mode

Specifies the mode of authentication. This parameter is a bit mask and may contain one or more of the following values, which are defined in the login.h file:

S_PRIMARY: The primary authentication methods defined for the User parameter are checked. All primary authentication checks must be passed.
S_SECONDARY: The secondary authentication methods defined for the User parameter are checked. Secondary authentication checks are not required to be successful.

Primary and secondary authentication methods for each user are set in the /etc/security/user file by defining the auth1 and auth2 attributes. If no primary methods are defined for a user, the SYSTEM attribute is assumed. If no secondary methods are defined, there is no default.

Security

Files Accessed:

Mode	File
r	/etc/passwd
r	/etc/security/passwd
r	/etc/security/user
r	/etc/security/login.cfg

Return Values

If the account is valid for the specified usage, the ckuserID subroutine returns a value of 0. Otherwise, a value of -1 is returned and the errno global variable is set to indicate the error.

Error Codes

The ckuserID subroutine fails if one or more of the following are true:

ESAD	Security authentication failed for the user.
EINVAL	The Mode parameter is neither S_PRIMARY nor S_SECONDARY or the Mode parameter is both S_PRIMARY and S_SECONDARY.

Implementation Specifics

This subroutine is part of Base Operating System (BOS) Runtime.

Related Information

The authenticate (authenticate Subroutine) subroutine, ckuseracct (ckuseracct Subroutine) subroutine, getpcred (getpcred Subroutine) subroutine,getpenv (getpenv Subroutine) subroutine, passwdexpired (passwdexpired Subroutine) subroutine, setpcred subroutine, setpenv subroutine.

The login command, su command.

List of Security and Auditing Subroutines and Subroutines Overview in AIX 5L Version 5.1 General Programming Concepts: Writing and Debugging Programs.