Newbie app-writing question
Will McDonald
will at cs.wisc.edu
Mon Jun 14 17:25:23 UTC 2004
Hello,
I have a question on my first PAM-aware application, and the web has not
yielded the knowledge I need. I need to write an authentication function that
will be called from an external program. The function needs to take username &
pass as arguments and return 0 or 1. When I first did this for DG-UX I had to
resort to the old hash-password-and-compare-to-getpwnam() method, but since
we've moved to Linux I figure I should/need to do this through PAM.
So far I've built the reference program [0], but am trying to figure out how
to pass pam_authenticate() the password instead of having it ask for it - this
has to be completely non-interactive and produce no output. From the small
amount of examples and references I've found [1], I *think* I need to write a
new conversation function and pass that to pam_start(), but I haven't figured
out the propper syntax to do that [2].
Any help is appreciated.
Thanks,
-will
[0] http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam_appl-8.html
[1] http://www.freebsd.org/doc/en_US.ISO8859-1/articles/pam/index.html
[2] This was what I tried after merging [1] into [0], which doesn't work:
static struct pam_conv conv = {
misc_conv,
NULL
};
int static_conv(int n, const struct pam_message **msg,
struct pam_response **resp, void *data) {
struct pam_response *aresp;
int i;
if (n <= 0 || n > PAM_MAX_NUM_MSG)
return (PAM_CONV_ERR);
if ((aresp = calloc(n, sizeof *aresp)) == NULL)
return (PAM_BUF_ERR);
for (i = 0; i < n; ++i) {
aresp[i].resp_retcode = 0;
aresp[i].resp = "myActualSecretPass";
}
*resp = aresp;
return (PAM_SUCCESS);
}
int main(int argc, char *argv[])
{
.....
conv.conv = &static_conv;
retval = pam_start("test", user, &conv, &pamh);
.....
}
--
---------Will McDonald-----------------will at upl.cs.wisc.edu----------
GPG encrypted mail preferred. Join the web-o-trust! Key ID: F4332B28
More information about the Pam-list
mailing list