SECURITY-PASSWORD(2) SECURITY-PASSWORD(2) NAME password: get, put, setpwfile - read and write password entries in the password file SYNOPSIS include "keyring.m"; include "security.m"; pw := load Password Password->PATH; PW: adt { id: string; # user id pw: array of byte; # hashed password expire: int; # expiration time other: string; # about the account }; get: fn(id: string): ref PW; put: fn(pass: ref PW): int; setpwfile: fn(file: string): string; DESCRIPTION This module provides a convenient interface to a server's password file (default: /keydb/password). Each entry in the file contains information corresponding to the members of the PW adt, with the following members: id user identification string (should be less than Sys->NAMELEN bytes) pw password hashed by the SHA algorithm (see keyring- sha(2)) into a byte array expire password entry expiry date expressed as seconds from the epoch (1 Jan 1970 00:00:00 GMT); see daytime(2) other arbitrary administrative comment The functions provide access to the file. If user id has got a corresponding entry in the password file, get returns a PW adt with the data from that entry. Otherwise, it returns a nil reference. Put creates or updates the password entry for pass.id, with the data in pass. The password file itself is created if necessary. The standard system password file is used by default, but an application might maintain a set of passwords of its own. It can use the Password module to access the file, by first Page 1 Plan 9 (printed 12/29/24) SECURITY-PASSWORD(2) SECURITY-PASSWORD(2) calling setpwfile to name the file to be used by get and put. FILES /keydb/password SOURCE /appl/lib/password.b SEE ALSO changelogin(8), logind(8) BUGS Access to the password file is not serialised; the password file entries should be protected by encryption. Both prob- lems will be solved by replacing these routines by a file server to manage the entries. Page 2 Plan 9 (printed 12/29/24)