User and password

User and password functions are used to verify passwords and provide password control.

getstringpasswd

Description

The getstringpasswd() function prompts the user for a password and compares the answer against the previously encrypted password.

The user’s failure to provide the correct password does not automatically result in a rejection of the secured task request. The policy should examine the result of the getstringpasswd() function and respond accordingly.

Syntax

result = getstringpasswd(encryptedpassword\[, prompt [, attempts]]);

Arguments

Name	Description
encryptedpassword	Required. An encrypted password, which can be generated by pbpasswd. The clear text form of this password is the password that the user is expected to enter.
prompt	Optional. A user prompt that describes the desired password. If none is specified, then the default prompt Password: is used.
attempts	Optional. Number of attempts the user gets to specify the correct password. The default value for attempts is 3.

Return values

Name	Description
true	The answer matched the password.
false	The answer did not match the password.

Example

In this example, result contains true if the user enters the correct Backup Task Password. If the correct password is not entered in two attempts, the function sets result to false.

result = getstringpasswd(<encrypted string>, "Please enter the Backup Task Password: ", 2);

ingroup

Description

The ingroup() function determines whether the specified user is a member of the specified group.

Syntax

result = ingroup(user, group);

Arguments

Name	Description
users	Required. A username.
group	Required. A group name.

Return values

Name	Description
true	User is a member of group.
false	User is not a member of group or the user or group is null or invalid.

Example

In this example, result contains an integer value 1 if user1 belongs to the group admgroup.

result contains an integer value 0 if user1 does not belong to group admgroup.

result = ingroup("user1", "admgroup");

submitconfirmuser

Description

The submitconfirmuser() function controls whether or not a user must enter a password before the current task request is accepted. When this function is set, the user submitting the request is prompted for the password that is associated with the submit host username set in this function.

The user’s failure to provide the correct password does not automatically result in a rejection of the secured task request. The policy should examine the result of the submitconfirmuser() function and respond accordingly.

Syntax

result = submitconfirmuser(user\[, prompt\[, attempts[, name, time]]]);

Arguments

Name	Description
user	Required. A string that contains a username that exists on the submit host.
prompt	Optional. The prompt text for the password. The default is Enter password for .
attempts	Optional. The number of attempts that the user has to enter the correct password. The default value for attempts is 3.
name	Optional. The name of a persistent variable whose expiration determines the reauthenticate grace period. The value must start with a dollar sign ($), otherwise no grace period is set and submitconfirmuser()automatically prompts for a password. If name is specified, the time parameter (below) is required.
time	Required if name argument (above) is specified). The expiry date (number of seconds) after which a prompt is forced. submitconfirmuser() returns true without prompting the user for a password if the persistent variable, defined by the name argument, exists and its expiry date, defined by time, has not been exceeded.

Return values

Name	Description
true	Password matched.
false	Password did not match.

Example

In this example, the prompt "Please enter the user’s password:" is displayed and the user is allowed three login attempts.

result = submitconfirmuser(user, "Please enter the user's password:", 3);  
if (result != 1) {  
reject;  
}