Returned values
-
cookie
Type: dictionary Required: no Description: The cookie returned by the previous hook in the session. If this is the first call for that session, it is initialized as an empty dictionary, otherwise it has the value returned by one of the previous calls in this particular custom Credential Store plugin. You can use the cookie to maintain the state for each particular connection or to transfer information between the different methods of the plugin. For an example that transfers information in the cookie between two methods, see "Examples" in the Creating custom Authentication and Authorization plugins.
-
session_cookie
Type: dictionary Required: no Description: You can use the session cookie to maintain global state between plugins for each particular connection. If this is the first call for that session, it is initialized as an empty dictionary, otherwise it has the value returned by a previous plugin hook in the session.
-
private_keys
Type: tuple list Required: no Description: A list of (<key type>, <private key>) tuples. If the plugin returns multiple private keys, SPS tries to use them to authenticate on the target server (in the order they are listed).
The key type must be ssh-rsa or ssh-dss. The private key must be a well-formatted private key blob in PKCS#1 or PKCS#8 in PEM (RFC 1421) format, and must include the corresponding headers. The Base64-formatted part must correspond to the RFC: "To represent the encapsulated text of a PEM message, the encoding function's output is delimited into text lines (using local conventions), with each line except the last containing exactly 64 printable characters and the final line containing 64 or fewer printable characters."
X.509 certificates are not supported, only private keys are.
authentication_completed
Called after a successful authentication attempt.
|
|
TIP:
You can use this hook to check-in the password to the Credential Store (since the user will not need it anymore) or to trigger a password change for the host. |
Input arguments
-
session_id
Type: string Description: The unique identifier of the session.
-
cookie
Type: dictionary Description: The cookie returned by the previous hook in the session. If this is the first call for that session, it is initialized as an empty dictionary, otherwise it has the value returned by one of the previous calls in this particular custom Credential Store plugin. You can use the cookie to maintain the state for each particular connection or to transfer information between the different methods of the plugin. For an example that transfers information in the cookie between two methods, see "Examples" in the Creating custom Authentication and Authorization plugins.
-
session_cookie
Type: dictionary Description: You can use the session cookie to maintain global state between plugins for each particular connection. If this is the first call for that session, it is initialized as an empty dictionary, otherwise it has the value returned by a previous plugin hook in the session.
Returned values
-
cookie
Type: dictionary Required: no Description: The cookie returned by the previous hook in the session. If this is the first call for that session, it is initialized as an empty dictionary, otherwise it has the value returned by one of the previous calls in this particular custom Credential Store plugin. You can use the cookie to maintain the state for each particular connection or to transfer information between the different methods of the plugin. For an example that transfers information in the cookie between two methods, see "Examples" in the Creating custom Authentication and Authorization plugins.
-
session_cookie
Type: dictionary Required: no Description: You can use the session cookie to maintain global state between plugins for each particular connection. If this is the first call for that session, it is initialized as an empty dictionary, otherwise it has the value returned by a previous plugin hook in the session.