Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
OpenXOpenXPKI::Server:UserkContributediPerlTDocumentationeChallengePassword(3)

Name
       OpenXPKI::Server::Workflow::Activity::Tools::ValidateChallengePassword

Description
       Check the validity of the challenge password.

       The activity is designed	to run within "shared workflows" and reads the
       data source configuration details from a	config path. The default path
       is $interface.$server.challenge which can be changed by setting the
       config_path parameter.

       The result of the validation is written to the context key identified
       by target_key. The result is a literal 0	or 1 if	the the	check failed /
       was successful. If the given password is	empty or undefined, the	target
       key is deleted/not set.

   Activity Configuration
       challenge_password
	   The actual value of the password to check.

       config_path
	   The path where to look up the data source config (see next
	   section).

	   The default is equivalent to

	     map_config_path: "[% context.interface %].[% context.server %].challenge"

       target_key
	   The context key to store the	evaluation result.  The	default	is
	   challenge_password_valid.

       mode
	   Set the validation mode, one	of "bind" or "literal" (default).

   Validation Mode
       bind

       If you want to check the	password against without revealing information
       about it, use mode: bind.

	 challenge:
	   mode: bind
	   value@: connector:scep.connectors.challenge
	     args:
	     - "[% context.cert_subject	%]"

       This will call the given	connector with the cert_subject	as path
       argument, the password is passed	as parameter using the key "password",
       therefore you need to use a a special connector that can	consume	this
       extra section.  The return value	is evaluated in	boolean	context.

       literal

       Fetch the password from the given source	and compare it against the
       given challenge.	Supports only plain text password yet. Example for a
       mac address based challenge source (mac is passed using the url param
       feature).

	 challenge:
	   value@: connector:scep.connectors.challenge
	     args:
	     - "[% context.url_mac %]"

       This will use the value returned	from the connector at
       scep.connectors.challenge.00:11:22:33:44:55.

       If you have a static password for all requests, use:

	 challenge:
	   value: mypassword

perl OpenXPKI::Server::Workflow::Activity::Tools::ValidateChallengePassword(3)

Name | Description

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=OpenXPKI::Server::Workflow::Activity::Tools::ValidateChallengePassword&sektion=3&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help