Users
Each secure daemon instance authorizes a set of trusted users:
• The secure daemon allows a client transport to connect only if the client presents valid identification as an authorized user.
• User identification can be either a certificate, or a user name and password.
To authorize a user, see Users.
To connect to a secure daemon as a user, see Secure Daemon programming language API.
Certificate Identification
The secure daemon can register zero or more X.509 public key identity certificates per user. The secure daemon limits access to user programs that can sign TLS protocol messages with a corresponding private key.
The secure daemon accepts all certificates in either PEM encoding or PKCS #12 format.
For more details, see CA-Signed Certificates.
User Name and Password Identification
The secure daemon registers at most one password per user. The secure daemon limits access to user programs that supply a correct pair of user name and password strings.
Important: For important information about password security, see Security Factors.
User name and password strings must conform to these syntax specifications:
• The user name must be less than 128 characters. The combined length of the user name and password must be less than 250 characters.
• These strings must consist of printable characters only, from any character set.
  Dot (.), star (*), and greater-than (>) characters are permitted. However, we recommend against using them except in legacy situations (for example, where such names are already in use in another security system).
• These strings cannot contain two adjacent space characters.
• The first and last characters must not be spaces.
• These strings must contain at least one non-space character.
• These strings cannot contain embedded newline characters (\n) or null characters.
• The null or empty string is not a legal user name or password.
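The following added example (not part of the product documentation or its API) checks a user name and password pair against the syntax rules above before the pair is submitted for registration. The function names are hypothetical, and it assumes that lengths are counted in Unicode code points and that "printable" matches Python's `str.isprintable()`.

```python
# Added example: client-side pre-check of the syntax rules listed above.
# Assumptions (not from the product documentation): lengths are counted in
# Unicode code points, and "printable" means Python's str.isprintable().

DISCOURAGED = set(".*>")  # permitted, but recommended only for legacy names


def _string_errors(label, value):
    """Return rule violations that apply to a single string."""
    if not value:
        return [f"{label} is null or empty"]
    errors = []
    if "\n" in value or "\0" in value:
        errors.append(f"{label} contains a newline or null character")
    elif not value.isprintable():
        errors.append(f"{label} contains a non-printable character")
    if value[0] == " " or value[-1] == " ":
        errors.append(f"{label} starts or ends with a space")
    if "  " in value:
        errors.append(f"{label} contains two adjacent spaces")
    if not value.strip(" "):
        errors.append(f"{label} has no non-space character")
    return errors


def check_credentials(user_name, password):
    """Return (errors, warnings) for a user name and password pair."""
    errors = _string_errors("user name", user_name)
    errors += _string_errors("password", password)
    user_name, password = user_name or "", password or ""
    # Both limits are strict: "less than", so 128 and 250 are rejected.
    if len(user_name) >= 128:
        errors.append("user name must be less than 128 characters")
    if len(user_name) + len(password) >= 250:
        errors.append("combined length must be less than 250 characters")
    # Messages never echo the strings, so passwords stay out of logs.
    warnings = [
        f"{label} uses a discouraged character (. * >)"
        for label, value in (("user name", user_name), ("password", password))
        if DISCOURAGED & set(value)
    ]
    return errors, warnings
```

Errors correspond to the mandatory rules; warnings cover only the recommendation against dot, star, and greater-than characters.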