
Purdue University

Identity and Access Management

The Authenticator Modify Command

The I2A2 authenticator DBM will make changes to an existing PUID's information via modification command requests. The authenticator DBM supports modifications to PUID, alias and common name as documented here. It also supports modifications to authentication realm records, as documented below.

The authenticator modify command is a restricted command. Modifications to authentication realm record fields are restricted by realm-wide and per-user ACLs.

Symbol

The puidnetd.h symbol for the modify command is PUIDNETD_CMD_MODIFY.

Keys

These keys may be used to identify a PUID whose information is to be modified. The field identifier symbols come from puidnetd.h.

  • a -- alias (PUIDNETD_DATA_AKA); do an exact match on the alias field value.
  • p -- PUID (PUIDNETD_DATA_PUID); do an exact match on the PUID field value.

Reply

A positive acknowledgement (ACK) reflector reply message signifies the modification was made.

A negative acknowledgement (NAK) reply will contain these fields.

  • e -- an error code (PUIDNETD_DATA_ERRC); it accompanies a NAK reply.
  • M -- a message (PUIDNETD_DATA_MSG); it accompanies a NAK reply.

Modification Values

Authentication realm record modifications do not use the modification field record. Instead, they should include a realm record containing the new fields, which replace the existing ones.

The following authentication realm record fields may be modified:

  • PUIDNETD_DATA_AUTHC_CERT ('B') -- X.509 certificate
  • PUIDNETD_DATA_AUTHC_CBA ('}') -- Cumulative bad authentications counter
  • PUIDNETD_DATA_AUTHC_CGA ('{') -- Cumulative good authentications counter
  • PUIDNETD_DATA_AUTHC_BA ('`') -- Consecutive bad attempts since last good authentication counter
  • PUIDNETD_DATA_AUTHC_PWD ('P') -- Password
  • PUIDNETD_DATA_AUTHC_ACLR ('!') -- Per-user ACLs (add, modify, delete)
  • PUIDNETD_DATA_ATTR ('i') -- Realm attributes (unused)

Examples

The following examples assume a realm named Purdue, and a user whose PUID is 18 and whose alias is foobar33.

  • Set the cumulative bad authentications counter to 0 (zero).

    m\tafoobar33\t@Rpurdue\t}0\t@

  • Set a new password. The password ("secret0") is passed as base-64 encoded clear-text. The authenticator net daemon determines which encryption method is used by the Purdue realm, encrypts the password and sends it to the authentication DBM. N.B.: because the password is sent as clear-text, password modification requests must use an SSL connection to the authentication network daemon.

    m\tp18\t@Rpurdue\tPc2VjcmV0MA==\t@\t

  • Add an ACL Entry to allow foobar33 to change his own password.

    m\tp18\t@Rpurdue\t!a\tp18\t#0x1\t!\t@\t

  • Modify the ACL Entry just created to add permission for foobar33 to modify his certificate.

    m\tp18\t@Rpurdue\t!m\tp18\t#0x3\t!\t@\t

  • Delete the ACL Entry just created for foobar33, leaving him with no permission to modify any of his authentication realm fields

    m\tp18\t@Rpurdue\t!d\tp18\t!\t@\t
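The examples above all follow one layout: the command letter, a key field, a realm record opened by '@' and 'R' plus the realm name, the replacement fields, and a closing '@'. The following Python builder reproduces that layout from structured input and enforces the SSL requirement stated for password changes. It is an added example, not part of the I2A2 distribution or this page; the single-character field identifiers are the ones listed above, while the function names, the `tls` flag, the representation of ACL entries as plain strings, and the omission of the trailing tab that some of the page's examples carry are assumptions made here.

```python
import base64

# Field identifier characters as listed on the page (from puidnetd.h).
CMD_MODIFY = "m"
DATA_AKA = "a"       # key: alias, exact match
DATA_PUID = "p"      # key: PUID, exact match
REALM_REC = "@"      # opens and closes an authentication realm record
REALM_NAME = "R"     # realm name inside the realm record
AUTHC_CBA = "}"      # cumulative bad authentications counter
AUTHC_CGA = "{"      # cumulative good authentications counter
AUTHC_BA = "`"       # consecutive bad attempts since last good authentication
AUTHC_PWD = "P"      # password (base-64 encoded clear-text on the wire)
AUTHC_ACLR = "!"     # per-user ACL block: '!' + action ... '!'
SEP = "\t"


def is_safe_to_send(fields, tls):
    """False if a clear-text password would leave over a non-SSL connection."""
    return tls or all(ident != AUTHC_PWD for ident, _ in fields)


def build_modify(key_type, key_value, realm, fields, *, tls=False):
    """Build one authenticator modify request.

    fields is a list of (identifier, value) pairs. For AUTHC_ACLR the value
    is (action, entries): action is 'a', 'm' or 'd' and entries are the raw
    tab-separated items between the two '!' markers (assumed representation).
    """
    if key_type not in (DATA_AKA, DATA_PUID):
        raise ValueError("key must be alias (a) or PUID (p)")
    if not is_safe_to_send(fields, tls):
        # The page requires SSL for password modification; refuse rather than
        # silently leaking the clear-text password on a plain connection.
        raise RuntimeError("password modification requires an SSL connection")

    parts = [CMD_MODIFY, key_type + str(key_value), REALM_REC + REALM_NAME + realm]
    for ident, value in fields:
        if ident == AUTHC_PWD:
            encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
            parts.append(ident + encoded)
        elif ident == AUTHC_ACLR:
            action, entries = value
            if action not in ("a", "m", "d"):
                raise ValueError("ACL action must be a, m or d")
            parts.append(ident + action)
            parts.extend(entries)
            parts.append(ident)          # closing '!' of the ACL block
        else:
            parts.append(ident + str(value))
    parts.append(REALM_REC)              # closing '@' of the realm record
    return SEP.join(parts)


if __name__ == "__main__":
    # Constructed sample requests mirroring the page's examples.
    print(repr(build_modify(DATA_AKA, "foobar33", "purdue", [(AUTHC_CBA, 0)])))
    print(repr(build_modify(DATA_PUID, 18, "purdue", [(AUTHC_PWD, "secret0")], tls=True)))
    print(repr(build_modify(DATA_PUID, 18, "purdue",
                            [(AUTHC_ACLR, ("a", ["p18", "#0x1"]))])))
```

The ACL entries are passed through untouched because the page shows their shape ("p18", "#0x1") without documenting the bit meanings beyond the two examples; keeping them opaque avoids encoding an interpretation the page does not state.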

Maintained by: IAMO Team

Purdue University, West Lafayette, IN 47907, (765) 494-4600
© 2010 - 2013 Purdue University | An equal access/equal opportunity university | Copyright Complaints