IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
Figure B-39 (Page 1 of 2). Authentication Data for Each Authentication Mechanism
Field name Length
(bytes)
Description
Length 2 The size of this set of authentication mechanism data, in
bytes. The length field includes all bytes of mechanism data
following the length field itself.
Mechanism ID 2 An identifier which describes the authentication mechanism
associated with this set of data. For example, there might be
identifiers for passphrase, PIN, fingerprint, public-key based
identification, and others. This is an integer value.
For passphrase authentication, the mechanism ID is the
integer value X'0001'.
Mechanism
Strength
2 An integer value which defines the strength of this
identification mechanism, relative to all others. Higher values
reflect greater strength. A value of zero is reserved for users
who have not been authenticated in any way.
Expiration
Date
4 The last date on which this authentication data may be used
to identify the user. The field contains the month, day, and
year of expiration. All four digits of the year are stored, so
that no problems occur at the turn of the century.
The expiration date is a four-byte structure, as shown in the
C type definition below.
typedef struct {
unsigned char exp_year[2];
unsigned char exp_month;
unsigned char exp_day;
} expiration_date_t;
The two-byte exp_year is in big-endian format. The
high-order byte is at the lower numbered address.
Mechanism
Attributes
4 This field contains flags and attributes needed to fully
describe the operation and use of the authentication
mechanism. One flag is defined for all methods:
Renewable A Boolean value which indicates whether the
user is permitted to renew the authentication
data. If this value is True (1), the user can
renew the data by authenticating, and then
providing new authentication data. For example,
to replace a passphrase, the user would first log
on using his or her passphrase. Then, the
passphrase would be changed by providing the
new passphrase authentication data using the
Access_Control_Initialization verb with the
CHG-AD rule-array keyword. The format of the
passphrase authentication data is described
immediately below under ‘mechanism data’.
The Renewable bit is the most-significant bit (MSB) in the
four-byte attributes field. The other 31 bits are unused, and
must be set to zero.
Appendix B. Data Structures B-35