diff options
| author | Jacob McDonnell <jacob@jacobmcdonnell.com> | 2026-04-26 16:38:00 -0400 |
|---|---|---|
| committer | Jacob McDonnell <jacob@jacobmcdonnell.com> | 2026-04-26 16:38:00 -0400 |
| commit | 97d5c458cfa039d857301e1ca7d5af3beb37131d (patch) | |
| tree | b460cd850d0537eb71806ba30358840377b27688 /static/inferno/man2/security-login.2 | |
| parent | b89dc2331a50c63f8b33272a5c4c61ab98abdaa3 (diff) | |
build: Better Build System
Diffstat (limited to 'static/inferno/man2/security-login.2')
| -rw-r--r-- | static/inferno/man2/security-login.2 | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/static/inferno/man2/security-login.2 b/static/inferno/man2/security-login.2 new file mode 100644 index 00000000..43a727e7 --- /dev/null +++ b/static/inferno/man2/security-login.2 @@ -0,0 +1,93 @@ +.TH SECURITY-LOGIN 2 +.SH NAME +login \- verify credentials +.SH SYNOPSIS +.EX +include "keyring.m"; +include "security.m"; +login := load Login Login->PATH; + +login: fn(name, password, addr: string): + (string, ref Keyring->Authinfo); +.EE +.SH DESCRIPTION +The +.BR Login +module is provided for use by a client of +a certifying authority (CA) or `signer'. +The +.B login +function communicates +with a certifying authority (CA) +in order to create a +.B Keyring->Authinfo +adt +which contains a public/private key pair and a certificate +signed by the CA +(see +.IR keyring-intro (2)). +The public/private key pair is generated by +.B login +using the same parameters as those in the signer's key +(eg, algorithm and key length); +see +.IR keyring-gensk (2). +The procedure assumes a secret, i.e. a +password, has already been established +between the user and the CA. +See +.IR changelogin (8) +and +.IR keyfs (4) +for how this password is managed at the +CA. +.PP +.B Login +connects, using +.IR dial (2), +to the signer at network address +.IR addr , +which is any form accepted by +.IR cs (8), +including the special address +.BR $SIGNER , +which +.IR cs +will translate to the client's default signer (if there is one). +Normally the incoming call will be given to +.IR logind (8) +by +.IR svc (8). +.PP +.B Login +sends the user +.I name +and +.IR password , +using the protocol described in +.IR login (6), +to justify the server's +issuing a certificate, which is returned in a +.B Keyring->Authinfo +adt on success. +The certificate can if desired be stored by +.BR Keyring->writeauthinfo ; +see +.IR keyring-auth (2). +The password is used by the encrypted +key exchange protocol to establish +a secure channel between user and CA. +.SH SOURCE +.B /appl/lib/login.b +.SH SEE ALSO +.IR getauthinfo (8), +.IR keyring-auth (2), +.IR login (6), +.IR createsignerkey (8), +.IR logind (8) +.SH DIAGNOSTICS +.B Login +returns nil in the string component +on success and a diagnostic string on error (with a nil +.B Keyring->Authinfo +reference). |