NAME

catpac, catear - PAC and UAR interface

DESCRIPTION

The catpac and catear interfaces provide functions to obtain User Access Rights (UARs) from Privilege Attribute Certificates (PACs).

A PAC is a regular X.509 v3 certificate with a non-critical extension containing the UARs. Sensitive information in the UARs, such as passwords, is encrypted.

Before a PAC is opened (by catpac_openears()), the local side's private key and certificate must be made known by calling catpsd_setpsd(). This is needed to decrypt any protected fields in a UAR and to know which UARs to look for.

UARs were previously called Enterprise Access Rights (EARs), so the name catear exists for historical reasons.

FUNCTION OVERVIEW

catear_dbmap
Return Keon Security Server 4.5 (BoKS)-compatible dbmap information from the UAR.

catear_findnext
Search the UARs located by catpac_openears() looking for a more specific match.

catear_getdata
Extract a named value from a handle to UARs.

catear_getlogid
Get the user id to be used for logging from the UAR list.

catear_rewind
Reset the state of the UAR list so that the next call to catear_findnext will start at the first element.

catpac_closeear
Close an open peer certificate (PAC) and free any allocated data.

catpac_openears
Return a handle that represents the list of UARs found in the PAC.

SEE ALSO

cat

catear_dbmap, catear_findnext, catear_getdata, catear_getlogid, catear_rewind, catpac_closeear, catpac_openears