Interface SecurityLevel2::PrincipalAuthenticator

interface PrincipalAuthenticator

The Principal Authenticator object creates Credentials objects and places them on the Current object's own_credentials list. The application is not allowed to create its own credentials objects; it must use the Principal Authenticator.

The Principal Authenticator makes a call on the SecurityReplaceable::Vault to acquire the particular credentials. The Vault is invisible to the application.

The Principal Authenticator object is retrieved from the SecurityLevel2::Current object, where it resides as a read-only attribute.



Operation Index

authenticate
This method attempts to authenticate the principal.
continue_authentication
This operation is for continuing the authentication process should it be needed, i.e. authenticate returns SecAssocContinue.
get_supported_authen_methods
This operation returns the authentication methods that are valid for a particular mechanism that the Vault object supports.

Operations

authenticate
Security::AuthenticationStatus authenticate(in Security::AuthenticationMethod method,
                                            in Security::MechanismType mechanism,
                                            in Security::SecurityName security_name,
                                            in Security::Opaque auth_data,
                                            in Security::AttributeList privileges,
                                            out Credentials creds,
                                            out Security::Opaque continuation_data,
                                            out Security::Opaque auth_specific_data);

This method attempts to authenticate the principal.

Parameters:
mechanism - The string representation of the mechanism. This parameter may have values such as "SECIOP-KerberosV5-MIT,DES-CBC-CRC" mandating GSS Kerberos Version 5 supplied from M.I.T. using the DES-CBC-CRC crypto profile.
method - This parameter indexes the authentication method. Values for this parameter must be one of the authentication methods returned from get_supported_authen_methods.
security_name - This parameter is the name that needs to be authenticated. This parameter may be an empty byte sequence depending upon the mechanism, signifying a default of some sort. This parameter must follow some encoding rules stipulated by the mechanism. Adiron provides a toolset to help out. See orbasec.SecurityName.
auth_data - This parameter is the authentication data that must be supplied to help in the authentication process. For the supplied Kerberos Vault, this argument contains a string in a "=\n" format. The current items that are needed are: configfile=, delegation=, password=, cache=, keytab=, lifetime=, renewable_life=.
privileges - This parameter is supposed to include the extra security attributes in the credentials. For this particular Kerberos mechanism, no attributes other than the principal name are allowed. Therefore, this parameter is not used.
creds - These are the output credentials of the "Own" credentials type. These same credentials may be retrieved off of the security current.
continuation_data - This parameter returns data for continuing the authentication. For this particular Kerberos Vault the authentication is a one-step process. No data will be returned in this parameter.
auth_specific_data - For this particular Kerberos Vault this parameter returns nothing.
Returns:
SecAssocSuccess if the principal was authenticated. SecFailure will not be returned, as the PA will raise a CORBA::NO_PERMISSION exception with an informative reason. SecAssocContinue will not be returned either since the particular Kerberos Vault being used does not have more than a one step authentication process.
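
The auth_data string described for authenticate, built and validated before it is passed to the Principal Authenticator. This is an added example, not ORBAsec or Adiron code: it assumes each item is one name=value line ending in "\n" and that the bytes are UTF-8, and build_auth_data and redact_auth_data are hypothetical helper names.

```python
# Added example, not ORBAsec code. Assumed format: one "name=value" item per
# line, each terminated by "\n"; item names are the ones the page lists.
ALLOWED_ITEMS = ("configfile", "delegation", "password", "cache",
                 "keytab", "lifetime", "renewable_life")
SENSITIVE_ITEMS = frozenset({"password"})


def build_auth_data(items):
    """Serialize (name, value) pairs to auth_data bytes, failing closed."""
    seen, lines = set(), []
    for name, value in items:
        if name not in ALLOWED_ITEMS:
            raise ValueError(f"unknown auth_data item: {name!r}")
        if name in seen:
            raise ValueError(f"duplicate auth_data item: {name!r}")
        if not isinstance(value, str):
            raise TypeError(f"value of {name!r} must be str")
        # Under the assumed format a CR, LF or NUL inside a value would end
        # the item early and let the remainder be read as another item.
        if any(ch in value for ch in "\r\n\0"):
            raise ValueError(f"control character in value of {name!r}")
        seen.add(name)
        lines.append(f"{name}={value}\n")
    return "".join(lines).encode("utf-8")  # UTF-8 is an assumption


def redact_auth_data(auth_data):
    """Return a log-safe rendering with sensitive values masked."""
    shown = []
    for line in auth_data.decode("utf-8").splitlines():
        name, _, _value = line.partition("=")
        shown.append(f"{name}=<redacted>" if name in SENSITIVE_ITEMS else line)
    return "\n".join(shown)


if __name__ == "__main__":
    # Constructed sample values; paths and settings are placeholders.
    data = build_auth_data([
        ("configfile", "/etc/krb5.conf"),
        ("keytab", "/etc/security/app.keytab"),
        ("password", "constructed-secret"),
    ])
    print(redact_auth_data(data))
    try:
        build_auth_data([("cache", "/tmp/cc\nkeytab=/tmp/other.keytab")])
    except ValueError as err:
        print("rejected:", err)
```

Because auth_data carries password=, log only the redacted rendering and never the raw bytes.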

continue_authentication
Security::AuthenticationStatus continue_authentication(in Security::Opaque response_data,
                                                       in Credentials creds,
                                                       out Security::Opaque continuation_data,
                                                       out Security::Opaque auth_specific_data);

This operation is for continuing the authentication process should it be needed, i.e. authenticate returns SecAssocContinue. However, the particular Kerberos Vault does not continue authentication, and therefore, it is not used.


get_supported_authen_methods
Security::AuthenticationMethodList get_supported_authen_methods(in Security::MechanismType mechanism);

This operation returns the authentication methods that are valid for a particular mechanism that the Vault object supports. This operation raises a CORBA::BAD_PARAM exception if the vault does not support the mechanism. The meanings of the values returned are specific to the mechanism.



Generated by the ORBacus IDL-to-HTML translator (non-commercial)