Identification and authentication facility
The Identification and Authentication Facility (IAF) is a framework for
doing identification and authentication that separates the mechanisms, or
schemes,
from the clients and services being protected.
The IAF consists of:
-
A number of schemes:
-
A means of invoking them with standardized input and output, namely
the
invoke(S)
function
-
a means of passing information among cooperating components,
namely the
iaf
STREAMS
module, and the following attribute-value manipulation functions:
-
getava(S)
-
putava
-
retava
-
setava
and a means of performing standard operations with the information, namely:
-
the
set_id(S)
function to set the user's
uid
-
the
set_env(S)
function to set the user's environment
-
shserv(ADM)
command to start the user's login shell
This mechanism is employed by the Connection Server and by SAF port monitors
to authenticate clients to services (and vice versa, in the case of the
cr1
scheme).
However, applications may also call the
invoke(S)
function to perform authentication using
cr1
and other schemes, and they may set and retrieve information with
the attribute-value manipulation functions.
These interfaces are found in
libiaf.so.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 02 June 2005