authuser(3)
NAME
authuser - library to get information from a remote Authentication Server
SYNTAX
#include <authuser.h>
unsigned short auth_tcpport;
char *auth_xline(user,fd,&in);
int auth_fd(fd,&in,&local,&remote);
char *auth_tcpuser(in,local,remote);
char *user;
int fd;
unsigned long in;
unsigned short local;
unsigned short remote;
DESCRIPTION
The authuser library provides a simple interface for finding
out the remote identity of a connection through the
Authentication Server as specified by RFC 931. Use the
-lauthuser loader option to compile a program with this
library.
auth_xline(user,fd,&in) returns a line of the form
X-Auth-User: user or X-Forgery-By: username, depending upon what
the host on the other side of fd thinks of the user. This
is particularly appropriate for mail and news headers.
If the remote host reports that user owns the connection
on that side, auth_xline will return X-Auth-User: user.
If the remote host reports that a different username owns
the connection, auth_xline will return X-Forgery-By: username.
If user is NULL, it returns X-Auth-User: username
with the username reported by the remote host. If fd is
not a TCP connection or authentication is impossible,
auth_xline returns NULL, setting errno appropriately.
The line is not cr-lf terminated. It is stored in a
static area which is overwritten on each call to
auth_xline. auth_xline places the Internet address of the
other host into in.
auth_fd(fd,&in,&local,&remote) retrieves address information
from the connection in socket fd. It places the
Internet address of the host on the other side into in and the
local and remote TCP ports into local and remote. auth_fd
returns -1 upon error, setting errno appropriately.
auth_tcpuser(in,local,remote) returns the name of the user
on the other end of the TCP connection between remote@in
and local. If authentication is impossible, auth_tcpuser
returns NULL, setting errno appropriately. The user name
is stored in a static area which is overwritten on each
call to auth_tcpuser and auth_xline.
The authentication routines check with the remote Authentication
Server on port auth_tcpport, which defaults to
113 as specified by RFC 931. You can set auth_tcpport to
other values for nonstandard implementations.
RESTRICTIONS
authuser does no backslash interpretation upon the remote
user name. Hopefully the next revision of RFC 931 will
make clear exactly what backslash interpretation should be
going on.
authuser does not use the operating system type information
provided by the Authentication Server.
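The following is an added example, not part of authuser or of this manual page. It parses one Authentication Server reply the way the text above describes (port pair checked, operating system type skipped, no backslash interpretation) and rejects names that would be unsafe to copy into a mail or news header. The reply layout "remote , local : USERID : ostype : username" is assumed from RFC 931; parse_auth_reply() and its return codes are hypothetical names.

```c
/* Added example; parse_auth_reply() is a hypothetical helper, not authuser code.
 * Assumed reply form: "remote , local : USERID : ostype : username". */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Skip blanks, then consume the separator sep; NULL if it is missing. */
static const char *expect(const char *p, char sep)
{
    while (*p == ' ' || *p == '\t') p++;
    return *p == sep ? p + 1 : NULL;
}

/* 0 = ok, user filled in; -1 = malformed or ERROR reply;
 * -2 = port pair is not the one queried; -3 = name unsafe for a header. */
int parse_auth_reply(const char *line, unsigned short remote,
                     unsigned short local, char *user, size_t userlen)
{
    const char *p = line;
    char *end;
    unsigned long r, l;
    size_t n, i;
    r = strtoul(p, &end, 10);
    if (end == p || !(p = expect(end, ','))) return -1;
    l = strtoul(p, &end, 10);
    if (end == p || !(p = expect(end, ':'))) return -1;
    if (r != remote || l != local) return -2;
    while (*p == ' ' || *p == '\t') p++;
    if (strncmp(p, "USERID", 6) != 0 || !(p = expect(p + 6, ':'))) return -1;
    if (!(p = strchr(p, ':'))) return -1;      /* ostype field is skipped */
    for (p++; *p == ' ' || *p == '\t'; p++) ;
    n = strlen(p);
    while (n > 0 && (p[n - 1] == '\r' || p[n - 1] == '\n')) n--;
    if (n == 0 || n >= userlen) return -3;     /* empty, or would truncate */
    for (i = 0; i < n; i++)                    /* reject CR, LF, other controls */
        if ((unsigned char)p[i] < 0x20 || p[i] == 0x7f) return -3;
    memcpy(user, p, n);                        /* backslashes kept verbatim */
    user[n] = '\0';
    return 0;
}

int main(void)
{
    char user[64];
    /* Constructed sample reply, not captured traffic. */
    int rc = parse_auth_reply("6193 , 25 : USERID : UNIX : joe\r\n", 6193, 25,
                              user, sizeof user);
    printf("rc=%d user=%s\n", rc, rc == 0 ? user : "(none)");
    return rc != 0;
}
```

Because the name is copied into a caller-supplied buffer, it survives later calls, unlike the static area used by auth_tcpuser and auth_xline.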
VERSION
authuser version 3.1, May 6, 1991.
AUTHOR
Placed into the public domain by Daniel J. Bernstein.
REFERENCES
The authentication server is more secure than passwords in
some ways, but less secure than passwords in many ways.
(It's certainly better than no password at all---e.g., for
mail or news.) It is not the final solution. For an
excellent discussion of security problems within the
TCP/IP protocol suite, see Steve Bellovin's article
``Security Problems in the TCP/IP Protocol Suite.''
SEE ALSO
authtcp(1), attachport(1), getpeername(3), getsockname(3),
tcp(4), authd(8)