<> <> DIRECTORY Rope: TYPE USING [ROPE], UserCredentialsUnsafe: TYPE USING [defaultOptions, LoginOptions, State]; UserCredentials: CEDAR DEFINITIONS = BEGIN <> <> State: TYPE = UserCredentialsUnsafe.State; -- {noCredentials, name, nameHint, nameAndPassword} <> GetCredentialsState: PROC RETURNS [State]; <> ChangeCredentialsState: PROC [new: State] RETURNS [old: State]; <> LoginOptions: TYPE = UserCredentialsUnsafe.LoginOptions; defaultOptions: LoginOptions = UserCredentialsUnsafe.defaultOptions; Login: PROC [options: LoginOptions _ defaultOptions]; <> < 0, Login bypasses all of the above processing and returns without inspecting the disk credentials area. Thus, once credentials have been established using SetUserCredentials, they remain in effect until discarded by one of the circumstances described earlier. It is intended that the initial call of SetUserCredentials occur implicitly as a result of a successful Login, and that the credentials thus established remain in effect until explicitly changed by a call of SetUserCredentials or until explicitly discarded. If every Pilot-based environment sharing the disk on this machine calls Login before it permits the user access to any information stored on the disk, a strong guarantee of disk privacy can be made (assuming State[name]).>> GetUserCredentials: PROC RETURNS [name, password: Rope.ROPE]; <> SetUserCredentials: PROC [name, password: Rope.ROPE]; <> END.