AUTH(2)                                                   AUTH(2)

     NAME
          auth, srvauth, getchall, challreply, newns, authdial,
          passtokey, nvcsum - network authentication

     SYNOPSIS
          #include <u.h>
          #include <libc.h>
          #include <auth.h>

          char*     auth(int fd, char *dialstring)

          char*     srvauth(char *user)

          int  getchall(char *user, char chall[NETCHLEN]);

          int  challreply(int fd, char *user, char *response);

          char*     newns(char *user, char *nsfile)

          int  authdial(char *service)

          int  passtokey(char key[DESKEYLEN], char *password)

          uchar     nvcsum(void *mem, int len)

     DESCRIPTION
          Auth and srvauth authenticate connections for Plan 9 remote
          execution using the rexauth protocol described in auth(6).
          Auth authenticates an outgoing network call.  Fd is a file
          descriptor to the data channel of the network connection.
          Auth extracts from dialstring the name of the server being
          called.  Dialstring should be the address passed to dial(2).
          Auth reads the user's name with getuser(2) and uses #c/crypt
          for encrypting and decrypting rexauth messages.

          Srvauth authenticates the corresponding incoming call.  It
          copies the name of the user into user, which must be at
          least NAMELEN bytes long.

          Getchall and challreply authenticate an incoming network
          call for a service that does not perform the usual Plan 9
          authentication.  They use the chal protocol described in
          auth(6). User points to the local name of the user.
          Getchall reads a null-terminated textual challenge from the
          authentication server and copies it to chall. It returns the
          open file descriptor to the authentication server, or -1 if
          it fails.  The challenge should be printed for the user to
          see, and the user should use a Digital Pathways Securenet
          Key or aux/netkey (see passwd(1)) to generate the appropri-
          ate response.

     Page 1                       Plan 9            (printed 12/21/24)

     AUTH(2)                                                   AUTH(2)

          Challreply should be called with the user's response, which
          is also a null-terminated text string, and the file descrip-
          tor returned from getchall. It returns 0 if it succeeds, or
          -1 if the user was not authenticated.

          Srvauth and challreply set the process's user name and
          encryption key (see cons(3)).

          Newns builds a name space for user. It opens the file nsfile
          (/lib/namespace is used if nsfile is null), copies the old
          environment, and erases the current name space, sets the
          environment variables user and home, and interprets the com-
          mands in nsfile. The format of nsfile is described in
          namespace(6).

          Authdial calls service on the local authentication server.
          It returns a file descriptor to the open connection or -1 if
          it fails.

          Passtokey converts password into a DES key and stores the
          result in key. It returns 0 if password could not be con-
          verted, and 1 otherwise.

          Nvcsum computes a checksum for the len byte array mem. It is
          used to checksum keys stored in non-volatile RAM.

     FILES
          #c/crypt           Encryption file used by auth.

          /lib/namespace     Default name space specification file.

     DIAGNOSTICS
          Auth, srvauth, and newns return a pointer to an error mes-
          sage upon failure, and 0 upon success.

     SEE ALSO
          passwd(1), auth(6), cons(3), dial(2)

     Page 2                       Plan 9            (printed 12/21/24)