
Authentication fun (revisited)

Iain Rae iainr@dcs.ed.ac.uk
Fri, 11 May 2001 02:50:54 -0700 (PDT)

>No PAM support is in the code right now.  It's something I'd love to
>see added.  Anything using PAM bits probably won't work...unless the
>standard getpwnam() and crypt() functions magically call the
>appropriate PAM routines.

I did some digging.

The PAM authentication mechanism basically consists of calling
pam_start(const char *service_name, const char *user,
                            const struct pam_conv *pam_conversation,
                            pam_handle_t **pamh)

and passing in the service name (to identify which of the rules in the PAM configuration you should use), the username to be authenticated, a pointer to a structure containing a conversation function and some data, and finally a handle to the PAM session being used.

You can then call a number of functions such as pam_authenticate or pam_acct_mgmt (assuming the user is authenticated, what does he have access to). And you have to call pam_end to shut things down.

If you are using standard PAM modules, the main chunk of code you have to write is the conversation function, which handles interaction with the PAM modules (it would normally ask for the user's password, or if you already have this it passes it on to the PAM module).

If you simply wanted to replace the code in CheckPass which compares the input password with the system password then I think this is fairly trivial (some #ifdefs, the system calls listed above and write one function which there are a couple of examples of floating around the net).

This isn't really pamifying the app though; to do that properly you should really move the epass code into a module, and there is more work involved. However, I suspect that in the long run it would make adding stuff like Kerberos easier (for those that have PAM).

Iain Rae			Tel:01316505202	
Computing Officer		JCMB:2148
Division of Informatics
The University of Edinburgh