The Principal Authenticator object creates Credentials objects and places them on the Current object's own_credentials list. The application is not allowed to create its own Credentials objects; it must use the Principal Authenticator.
The Principal Authenticator makes a call on the SecurityReplaceable::Vault to acquire the particular credentials. The Vault is invisible to the application.
The Principal Authenticator object is retrieved from the SecurityLevel2::Current object, where it resides as a read-only attribute.
Security::AuthenticationStatus authenticate(in Security::AuthenticationMethod method, in Security::MechanismType mechanism, in Security::SecurityName security_name, in Security::Opaque auth_data, in Security::AttributeList privileges, out Credentials creds, out Security::Opaque continuation_data, out Security::Opaque auth_specific_data);
This method attempts to authenticate the principal.
mechanism
- The string representation of the mechanism.
This parameter may have values such as
"SECIOP-KerberosV5-MIT,DES-CBC-CRC" mandating
GSS Kerberos Version 5 supplied from M.I.T.
using the DES-CBC-CRC crypto profile.
method
- This parameter indexes
the authentication method. Values for
this parameter must be one of the authentication
methods returned from
get_supported_authen_methods.
security_name
- This parameter is the name that needs
to be authenticated. This parameter may be
an empty byte sequence depending upon the
mechanism, signifying a default of some sort.
This parameter must follow some encoding rules
stipulated by the mechanism. Adiron provides
a toolset to help out. See orbasec.SecurityName.
auth_data
- This parameter is the authentication
data that must be supplied to help
in the authentication process. For
the supplied Kerberos Vault, this argument
contains a string in a "
privileges
- This parameter is supposed to include
the extra security attributes in
the credentials. For this particular
Kerberos mechanism, no attributes
other than the principal name are allowed.
Therefore, this parameter is not used.
creds
- These are the output credentials of the
"Own" credentials type. These
same credentials may be retrieved off of
the security current.
continuation_data
- This parameter is for the return of
data for continuation of the authentication.
For this particular Kerberos Vault
the authentication is a one step process. No
data will be returned in this parameter.
auth_specific_data
- For this particular Kerberos Vault
this parameter returns nothing.
Security::AuthenticationStatus continue_authentication(in Security::Opaque response_data, in Credentials creds, out Security::Opaque continuation_data, out Security::Opaque auth_specific_data);
This operation is for continuing the authentication process should it be needed, i.e. when authenticate returns SecAssocContinue. However, this particular Kerberos Vault does not continue authentication, and therefore this operation is not used.
Security::AuthenticationMethodList get_supported_authen_methods(in Security::MechanismType mechanism);
This operation returns the authentication methods that are valid for a particular mechanism that the Vault object supports. This operation raises a CORBA::BAD_PARAM exception if the Vault does not support the mechanism. The meaning of the values returned is specific to the mechanism.
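The three operations above combined into one login routine, as an added example that is not part of the original reference or of the vendor's code. It assumes the standard OMG IDL-to-Java mapping (package names, Holder classes, `int[]` for the method list) and that the Current object is registered under the initial reference name "SecurityCurrent"; the class name `KerberosLogin` is hypothetical, and the caller supplies `securityName` and `authData` already encoded as the mechanism requires.

```java
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.ORB;
import org.omg.Security.AuthenticationStatus;
import org.omg.Security.OpaqueHolder;
import org.omg.Security.SecAttribute;
import org.omg.SecurityLevel2.Credentials;
import org.omg.SecurityLevel2.CredentialsHolder;
import org.omg.SecurityLevel2.Current;
import org.omg.SecurityLevel2.CurrentHelper;
import org.omg.SecurityLevel2.PrincipalAuthenticator;

public final class KerberosLogin {
    // Mechanism string quoted in the parameter description above.
    static final String MECHANISM = "SECIOP-KerberosV5-MIT,DES-CBC-CRC";

    // securityName and authData must already follow the mechanism's encoding
    // rules (see orbasec.SecurityName); their formats are not reproduced here.
    public static Credentials login(ORB orb, byte[] securityName, byte[] authData)
            throws org.omg.CORBA.ORBPackage.InvalidName {
        // Assumption: Current is registered under the name "SecurityCurrent".
        Current current = CurrentHelper.narrow(orb.resolve_initial_references("SecurityCurrent"));
        PrincipalAuthenticator pa = current.principal_authenticator();

        int[] methods;
        try {
            // Ask the Vault which methods it accepts instead of hard-coding one.
            methods = pa.get_supported_authen_methods(MECHANISM);
        } catch (BAD_PARAM e) {
            throw new SecurityException("Vault does not support " + MECHANISM);
        }
        if (methods.length == 0) {
            throw new SecurityException("No authentication methods for " + MECHANISM);
        }

        CredentialsHolder creds = new CredentialsHolder();
        OpaqueHolder continuation = new OpaqueHolder();
        OpaqueHolder authSpecific = new OpaqueHolder();
        AuthenticationStatus status = pa.authenticate(
                methods[0], MECHANISM, securityName, authData,
                new SecAttribute[0],   // privileges: not used by this Kerberos mechanism
                creds, continuation, authSpecific);

        // One-step mechanism: anything other than success is a failed login.
        if (status.value() != AuthenticationStatus._SecAuthSuccess) {
            throw new SecurityException("Authentication failed, status " + status.value());
        }
        return creds.value;
    }
}
```

The routine fails closed: the out parameter `creds` is read only after the returned status has been checked, so a failed login can never hand back a partially initialized Credentials object.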
Generated by the ORBacus IDL-to-HTML translator (non-commercial)