Daylight v4.9
Release Date: 1 February 2008

Name

dt_setpassword - specify entries in a password file

Generic Prototype

dt_setpassword(dt_Handle, dt_String, dt_String, dt_String) => dt_Boolean

C Prototype

#include "dt_thor.h"

dt_Boolean dt_setpassword(dt_Handle object, dt_Integer wlen, dt_String who, dt_Integer alen, dt_String auth_pw, dt_Integer vlen, dt_String value)

FORTRAN Prototype

include 'dt_f_thor.inc'

logical dt_f_setpassword(object, who, auth_pw, value)

integer*4 object
character*(*) who
character*(*) auth_pw
character*(*) value

Description

Changes entries in a server or database password file. In all cases, a valid authorization password must be supplied, even if a connection to the object in question is opened (with sufficient privilege).

Valid password strings consist of one or more of the characters in the set [0-9A-Za-z]. Only the encrypted version of the password is stored; the unencrypted versions do not appear on disk (although they do travel across networks). Once a password is stored, it cannot be retrieved in its unencrypted form; one can only encrypt a password and see if it matches the stored, encrypted value (see dt_thor_open(3)).

For servers, the function has two uses: to change a user password, and to add and delete users or hosts from the password file. The actions are controlled by the value of the string 'value'.

If 'value' is equal to the string "host:", the server changes or adds a host entry in the password file for the host 'who'. 'auth_pw' must be the password for user "thor".

If 'value' is equal to the string "deleteuser:" or "deletehost:", the user or host specified in 'who' is removed from the server's password file. Again, 'auth_pw' must be the password for user "thor".

If 'value' is not one of the above-mentioned special strings ("host:", "deleteuser:", "deletehost:"), then 'value' is taken to be the new password for user 'who'. 'auth_pw' must match the current password for either user 'who' or user "thor". Only if the 'auth_pw' field matches the password for user "thor" can a blank or easy-to-guess password be entered. A regular user cannot enter a trivial password and risk compromising security.

Note that the special strings ("host:", "deleteuser:", and "deletehost:") cannot be mistaken for a user password, since the colon is not a valid character in a password.
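
The dispatch rule described above for server objects, as an added example (not part of the Daylight toolkit or this manual page): a client-side pre-check that classifies a counted 'value' string before it is passed to dt_setpassword. The names setpw_action, classify_value and requires_thor_password are hypothetical, and treating a zero-length string as the "blank" password is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names: none of these come from dt_thor.h. */
typedef enum {
    SETPW_HOST,         /* "host:"       add or change a host entry      */
    SETPW_DELETE_USER,  /* "deleteuser:" remove user 'who'               */
    SETPW_DELETE_HOST,  /* "deletehost:" remove host 'who'               */
    SETPW_NEW_PASSWORD, /* one or more characters from [0-9A-Za-z]       */
    SETPW_BLANK,        /* zero length (assumed to be the "blank" case)  */
    SETPW_INVALID       /* contains a character outside [0-9A-Za-z]      */
} setpw_action;

/* Exact match of a counted string against a keyword; prefixes do not count. */
static int is_keyword(const char *v, size_t vlen, const char *kw)
{
    return vlen == strlen(kw) && memcmp(v, kw, vlen) == 0;
}

/* Classify a counted (not NUL-terminated) 'value' for a server object. */
setpw_action classify_value(const char *value, size_t vlen)
{
    size_t i;
    if (is_keyword(value, vlen, "host:"))       return SETPW_HOST;
    if (is_keyword(value, vlen, "deleteuser:")) return SETPW_DELETE_USER;
    if (is_keyword(value, vlen, "deletehost:")) return SETPW_DELETE_HOST;
    if (vlen == 0)                              return SETPW_BLANK;
    for (i = 0; i < vlen; i++) {
        unsigned char c = (unsigned char)value[i];
        /* Explicit ranges instead of isalnum(), which depends on the locale. */
        if (!((c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
              (c >= 'a' && c <= 'z')))
            return SETPW_INVALID; /* e.g. "host:x": not a keyword, not a password */
    }
    return SETPW_NEW_PASSWORD;
}

/* 1 when 'auth_pw' must be the "thor" password. The server may also demand
 * it for an easy-to-guess password, which this check cannot determine. */
int requires_thor_password(setpw_action a)
{
    return a == SETPW_HOST || a == SETPW_DELETE_USER ||
           a == SETPW_DELETE_HOST || a == SETPW_BLANK;
}
```

Rejecting SETPW_INVALID before the call keeps a mistyped keyword such as "host" (a valid password) or "host:x" (neither keyword nor password) from being sent with unintended meaning.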

For databases, the function will change the read, write, and executive password for the database 'object'. The string 'auth_pw' must contain the current executive password for the database. The string 'who' must be one of "r", "w", or "e" for read, write, and executive, respectively. The string 'value' becomes the new password for that access level.

Currently open connections are not affected by a change of password. Authorization is only checked when a connection to a server or database is initially made.

Return Value

Returns TRUE if the operation was successful, or FALSE if an error was encountered or if the change was not authorized on the server.

Related Topics

dt_database(3) dt_getdatabases(3) dt_getpasswords(3) dt_getsearchpath(3) dt_getusers(3) dt_server(3) dt_setsearchpath(3)