'a' - The Authenticate Command
The authenticate command is specific to the authentication DBM. It allows a person to prove his or her identity to an authentication realm by providing a PUID or alias and a password.
Symbol
The puidnetd.h symbol for the authenticate command is PUIDNETD_CMD_AUTHC.
Keys
The standard keys for the authenticate command are either PUID or alias.
a -- alias (PUIDNETD_DATA_AKA); do an exact match on the alias fielda value.
p -- PUID (PUIDNETD_DATA_PUID); do an exact match on the PUID field value.
Reply
If the specified key is found and the authentication is successful, the reply message will contain a positive acknowledgement
(ACK); if not, a negative
acknowledgement (NAK).
N.B.: a NAK may result even if the
password matches, e.g., if the
account is frozen.
A NAK may be accompanied by
these fields. The field symbols come from puidnetd.h.
e -- an error code (PUIDNETD_DATA_ERRC); it accompanies a NAK reply.
M -- a message (PUIDNETD_DATA_MSG); it accompanies a NAK reply.
Required Fields
The authenticate command requires a realm record containing an unencrypted, base 64 encoded password field.
Additional Fields
None
Examples
Suppose the user with PUID 00123-45678 and alias "jdoe" is a member of the
Purdue realm, with password "secret0"
(base 64 encoded as "c2VjcmV0MA=="):
Authenticate by providing PUID and password:
a p12345678 @Rpurdue Pc2VjcmV0MA== @
Authenticate by providing alias and password:
a ajdoe @Rpurdue Pc2VjcmV0MA== @
Restrictions
Because passwords are sent unencrypted, authentication requests must use an SSL connection. Authentication requests sent over a non-SSL connection are rejected with the error PUIDNETD_EORSSLC:
Error: Operation requires SSL connection (42)