File: protocol-1.html

package info (click to toggle)
cvm 0.97-0.1
  • links: PTS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 1,036 kB
  • sloc: ansic: 4,065; sh: 2,758; makefile: 235; sql: 15
file content (95 lines) | stat: -rw-r--r-- 2,815 bytes parent folder | download | duplicates (5)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<html>
<body>

<h2><a href="cvm.html">CVM</a></h2>
<h2><a href="protocol-2.html">CVM Version 2 Proposed Protocol</a></h2>

<h1>CVM Version 1 Protocol</h1>

<h2>Input</h2>

<p>Input to the authenticator is as follows.  All items except the
first, which is a single byte, are NUL-terminated strings.  The total
length of the input must not exceed 512 bytes.</p>

<ol>

<li>Protocol number, 1.

<li>Account name base (ie user name).

<li>Account domain name.

<li>List of credentials.

<li>An empty string (ie a single NUL byte).

</ol>

<p>The credentials consist of one of the following:</p>

<ul>

<li>For plain login, the password.

<li>For APOP, the timestamp and MD5 digest.

<li>For CRAM-MD5 keyed hashing, as specified in RFC 2095, the
challenge and MD5 digest.

</ul>

<h2>Output</h2>

<p>If authentication succeeds, the output from the module is a single
byte success code followed by a list of <a href="facts.html">facts</a>
about the authenticator.  The total size of the output must not exceed
512 bytes.</p>

<p>If authentication succeeded, the code byte will be 0.  If the
credentials are accepted by this module, but are not valid, the code
will be 100 (permanent failure).  Any other code indicates a temporary
error.</p>

<p>Each fact consists of a single byte identifying what type of fact
is being reported, followed by a sequence of zero or more non-NUL
bytes, terminated by a single NUL byte.  A second NUL byte follows the
last fact and indicates the end of the list.</p>

<h2>Environment Variables</h2>

<p>The following environment variables may be set by the invoker:</p>

<dl>

<dt><tt>SERVICE</tt> <dd>The service name, to be used (for example) by
PAM modules to determine which configuration file to load.

</dl>

<p><b>Note:</b> for non-command modules, the invoker is NOT the CVM
client.  The CVM client has no control over the environment variables
of non-command modules.</p>

<h2>Implementation Considerations</h2>

<p>The module must report a temporary error if it detects malformed
input (incorrect credentials, etc.).  Extra data following the final
NUL byte in the credentials is a fault in the invoking code, and must
be rejected by the module.  Similarly, extra data following the final
NUL byte in the facts is a fault in the module code.</p>

<p>All data following an unsuccessful result status code must be
ignored by the invoking code.  Modules should not produce any facts
when validation fails.</p>

<p>An executable module must exit 0 if authentication succeeds.
Non-zero exit codes from an executable module should be treated as a
temporary error.</p>

<p>The invoker of an executable module must assume a temporary error
if the module either fails to completely read its input or produces
incomplete output, even if the module exits without error.</p>

</body>
</html>