SECURITY-PASSWORD(2) SECURITY-PASSWORD(2)
NAME
password: get, put, setpwfile - read and write password
entries in the password file
SYNOPSIS
include "keyring.m";
include "security.m";
pw := load Password Password->PATH;
PW: adt {
id: string; # user id
pw: array of byte; # hashed password
expire: int; # expiration time
other: string; # about the account
};
get: fn(id: string): ref PW;
put: fn(pass: ref PW): int;
setpwfile: fn(file: string): string;
DESCRIPTION
This module provides a convenient interface to a server's
password file (default: /keydb/password). Each entry in the
file contains information corresponding to the members of
the PW adt, with the following members:
id user identification string (should be less than
Sys->NAMELEN bytes)
pw password hashed by the SHA algorithm (see keyring-
sha(2)) into a byte array
expire password entry expiry date expressed as seconds from
the epoch (1 Jan 1970 00:00:00 GMT); see daytime(2)
other arbitrary administrative comment
The functions provide access to the file. If user id has
got a corresponding entry in the password file, get returns
a PW adt with the data from that entry. Otherwise, it
returns a nil reference.
Put creates or updates the password entry for pass.id, with
the data in pass. The password file itself is created if
necessary.
The standard system password file is used by default, but an
application might maintain a set of passwords of its own.
It can use the Password module to access the file, by first
Page 1 Plan 9 (printed 12/21/24)
SECURITY-PASSWORD(2) SECURITY-PASSWORD(2)
calling setpwfile to name the file to be used by get and
put.
FILES
/keydb/password
SOURCE
/appl/lib/password.b
SEE ALSO
changelogin(8), logind(8)
BUGS
Access to the password file is not serialised; the password
file entries should be protected by encryption. Both prob-
lems will be solved by replacing these routines by a file
server to manage the entries.
Page 2 Plan 9 (printed 12/21/24)