setauthdb or setauthdb_r Subroutine
Purpose
Defines the current administrative domain.
Library
Standard C Library (libc.a)
Syntax
#include <usersec.h>
int setauthdb (New, Old)
authdb_t *New;
authdb_t *Old;
int setauthdb_r (New, Old)
authdb_t *New;
authdb_t *Old;
Description
The setauthdb and setauthdb_r subroutines set the value of the current administrative domain in the New parameter. The setauthdb subroutine sets the value of the current process-wide administrative domain. The setauthdb_r subroutine sets the administrative domain for the current thread if one is set. The subroutines return -1 if no administrative domain is set. The current administrative domain is returned in the Old parameter. The Old parameter can be a null pointer if the value of the current administrative domain is not wanted.
The administrative domain determines which user and group information databases are queried by the user and group library functions. The default behavior is to access all of the defined administrative domains. The setauthdb subroutine restricts the user and group library functions to the named administrative domains for all threads in the current process. The setauthdb_r subroutine restricts the user and group library functions to the named administrative domain for the current thread. The default behavior can be restored by using a null pointer for the value of the New parameter or an empty string for the value of the New parameter.
The
string that is referenced by the New parameter
must be the string files, compat or
an administrative domain that is defined in the /usr/lib/security/methods.cfg file.
The New and Old parameters
are of type authdb_t. The authdb_t type
is a 16-character array that contains the name of a loadable authentication
module.
domainlessgroups attribute
is set to true in the /etc/secvars.cfg file,
and if the setauthdb subroutine sets the administrative
domain to either LDAP or files,
the setauthdb subroutine searches the user information
in both the domains (LDAP and files)
for the group. This domainlessgroups attribute
behavior is restricted to the LDAP domain and the files domain.Parameters
| Item | Description |
|---|---|
| New | Pointer to the name of the new database module.
The New parameter must reference a value
module name that is contained in the /usr/lib/security/methods.cfg file,
or one of the predefined values (BUILTIN, compat,
or files). The empty string can be used to remove
the restriction on which modules are used. |
| Old | Pointer to where the name of the current module is stored. A NULL value for the Old parameter can be used if the current name of the database is not wanted. |
Return Values
| Item | Description |
|---|---|
| 0 | The module search restriction is successfully changed. |
| -1 | The module search restriction is not changed.
The errno variable must be examined to determine
the cause of the failure. |
Error Codes
| Item | Description |
|---|---|
| EINVAL | The new_auth_db parameter is
longer than the permissible length of a stanza in the /usr/lib/security/methods.cfg file
(15 characters). |
| ENOENT | The new_auth_dbdoes not reference
a valid stanza in /usr/lib/security/methods.cfg or
one of the predefined values. |