CML Reference Guide

Chapter 4.21:  Password Functions


Caucus version 4.0 adds a much more complete set of userid & password manipulation functions.  See the swebd configuration file swebd.conf for more information about setting up the initial userid & password management.

$pw_methods()
Evaluates to the list of password verification and manipulation methods specified in the PW_Prog parameter in the configuration file swebd.conf.  Typically "ldap", "internal", or "ldap internal" if both methods are allowed.

$pw_can_add([method])        {protected}
Evaluates to 1 if userids may be added to the userid & password database, and 0 otherwise.  Returns result for method.  If not specified, defaults to "internal" method or PW_Prog external program.

$pw_can_change([method])        {protected}
Evaluates to 1 if passwords may be changed in the userid & password database, and 0 otherwise.  Returns result for method.  If not specified, defaults to "internal" method or PW_Prog external program.

$pw_can_delete([method])        {protected}
Evaluates to 1 if userids may be deleted from the userid & password database, and 0 otherwise.  Returns result for method.  If not specified, defaults to "internal" method or PW_Prog external program.

$pw_can_reset([method])        {protected}
Evaluates to 1 if the PW_Can_Reset parameter was set "on" in swebd.conf.  See $pw_change(), below.  Returns result for method.  If not specified, defaults to "internal" method or PW_Prog external program.

$pw_can_verify([method])        {protected}
Evaluates to 1 if userids and passwords may be verified from the userid & password database, and 0 otherwise.  Returns result for method.  If not specified, defaults to "internal" method or PW_Prog external program.

The values of the last 5 functions are taken directly from the parameters of the same name (for the specified method) in swebd.conf.

In the functions below, method is again the name of the password manipulation method.  If not specified, it defaults to "internal" method or PW_Prog external program.

$pw_add(id pw override [method])        {protected}
Add the userid id with password pw to the password database.  If override is 1, anyone can add a userid.  Otherwise, the user must have the MGR_MKID permission bit.  Evaluates to 0 on success, or one of the error codes listed below.

$pw_change(id pw [method])        {protected}
Change userid id's password to pw.  Allowed if:
  • A user is changing their own password
  • User is a manager with the MGR_CHGPASS permission bit
  • No user is logged in, and the swebd.conf parameter PW_Can_Reset is "on".  (Used, for example, in a password-reset feature that assigns a random password and e-mails it to the user.)
Evaluates to 0 on success, or one of the error codes listed below.

$pw_delete(id [method])        {protected}
Delete userid id from the password database.  Requires that the user have the MGR_RMID permission bit.  Evaluates to 0 on success, or one of the error codes listed below.

(Remember to delete the user information with $per_delete() before deleting the userid!)

$pw_verify(id pw)        {protected}
Verifies that userid id has password pw.  Evaluates to 0 on success, or one of the error codes listed below.  Will try all of the authentication methods known by $pw_methods(), in order, until one succeeds or all fail.

$pw_source()
Evaluates to the "source" or authentication method of the first successful call to $pw_verify() in a session.  (Thus it either returns nothing, or one of the methods known by $pw_methods().)
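
A Python model of the lookup order described for $pw_verify() and $pw_source(), added here as an illustration; it is not Caucus or CML code. The two stores, the credentials and the PW_FAIL value are constructed, and the real error codes are the ones this chapter lists.

```python
import hmac

PW_FAIL = 1  # hypothetical non-zero error code, standing in for the documented codes

# Constructed sample stores: method name -> {userid: password}.
# Plaintext only because this is a toy model of the lookup order.
BACKENDS = {
    "ldap":     {"alice": "L-secret"},
    "internal": {"alice": "I-secret", "bob": "b-pw"},
}

class Session:
    def __init__(self, methods, backends):
        self.methods = methods.split()  # e.g. "ldap internal", as $pw_methods() reports
        self.backends = backends
        self.source = ""                # what $pw_source() evaluates to

    def pw_verify(self, userid, pw):
        """Try each method in order; 0 on the first success, PW_FAIL if all fail."""
        for method in self.methods:
            stored = self.backends[method].get(userid)
            if stored is not None and hmac.compare_digest(stored.encode(), pw.encode()):
                if not self.source:     # only the first success in a session is recorded
                    self.source = method
                return 0
        return PW_FAIL

    def pw_source(self):
        return self.source

def demo():
    s = Session("ldap internal", BACKENDS)
    return [
        s.pw_source(),                    # nothing verified yet
        s.pw_verify("alice", "wrong"),    # fails in ldap, then fails in internal
        s.pw_verify("bob", "b-pw"),       # not in ldap, succeeds in internal
        s.pw_source(),
        s.pw_verify("alice", "L-secret"), # succeeds in ldap, source is unchanged
        s.pw_source(),
    ]

if __name__ == "__main__":
    print(demo())
```

With both methods enabled, a userid present in both stores verifies with either store's password, which is worth knowing when a password is changed or disabled in only one of them.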

The error codes for the previous 4 pw_ functions are: