Provided by: dacs_1.4.28b-3ubuntu2_i386 bug


       dacs_current_credentials - display DACS credentials


       dacs_current_credentials [dacsoptions[1]]


       This program is part of the DACS suite.

       The dacs_current_credentials web service provides information about the
       credentials that accompany the request and the identities described by
       those credentials. It can be used to determine whether credentials are
       valid, confirm who they belong to, find out which roles are associated
       with the credentials, and so on.

       If user activity[2] data is available, dacs_current_credentials can
       also return information for the identity associated with each valid set
       of credentials, including the time of the last sign on and a
       description of any sign-on that is still "active" (i.e., has not
       expired and was not signed off). This information can be useful for
       detecting unauthorized account access, regardless of the authentication
       method used, and other potentially problematic activity.

       The FORMAT argument[3] determines the type of output, with the default
       being HTML, using the style sheet dacs_current_credentials.css[4]. If
       XML output is selected, a document conforming to
       dacs_current_credentials.dtd[5] is returned, which supplies additional
       information. The JSON format is also recognized. The previous_auth and
       active_auth elements appear only when user activity tracking data is
       accessible. The previous_auth element is empty if there are not two or
       more records of authentication activity for the associated identity.
       For a given identity, an active_auth element is present for each
       authentication event for which there is no corresponding sign off
       event, other than the most recent one, and for which the issued
       credentials have not expired - these are "active sessions".
       Reauthentication as the same identity does not create a sign off event,
       however, and signing off (e.g., via dacs_signout(8)[6]) does not
       necessarily mean that a user agent has destroyed credentials (though
       that is normally the case). Also, a user can unilaterally destroy
       credentials (e.g., by terminating a browser session or removing cookies
       manually), so not all active sessions necessarily exist.


   Web Service Arguments
       dacs_current_credentials accepts the following arguments in addition to
       the standard CGI arguments[7].

           If "yes", this optional argument requests additional information.
           It is recognized only in conjunction with XML format output. By
           default, this argument can only be used by a DACS administrator
           (see dacs_admin()[8]). The activity tracking information is
           returned only if detail is requested.


       After authenticating[9] as DSS::INFOCARDS:bob, invoke
       dacs_current_credentials (HTML)[10] to view the identity (or
       identities) stored as a cookie in your browser. Information about the
       credentials can also be returned as XML[11].




       The program exits 0 if everything was fine, 1 if an error occurred.


       dacs_authenticate(8)[12], dacs_signout(8)[6]


       Distributed Systems Software ([13])


       Copyright2003-2012 Distributed Systems Software. See the LICENSE[14]
       file that accompanies the distribution for licensing information.


        1. dacsoptions

        2. user activity

        3. FORMAT argument

        4. dacs_current_credentials.css

        5. dacs_current_credentials.dtd

        6. dacs_signout(8)

        7. standard CGI arguments

        8. dacs_admin()

        9. authenticating

       10. invoke dacs_current_credentials (HTML)

       11. returned as XML

       12. dacs_authenticate(8)


       14. LICENSE