Logging into a running Legion system


About the AuthenticationObject
A user who logs in to a Legion system (with a user id) is identified by the LOID of a special object called the AuthenticationObject: this LOID contains the user's password, initial implicit parameters (the Legion equivalent of a the Unix "environment"), and other information. The utilities legion_passwd, legion_set_implicit_params, legion_set_acl, legion_get_implicit_params, and legion_get_acl, can be used to retrieve or change this information. When an authenticated user runs a process, a certificate confirming his or her identify is passed along to verify that the user has permission to run the process. This certificate is created and signed by the user's AuthenticationObject.

AuthenticationObjects must be permanent in order to be useful. If an AuthenticationObject is destroyed, its associated LOID, which identifies the user to the rest of the system, is lost. There is no way to generate an identical LOID for a new AuthenticationObject.