OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Passing password through a PAM-API
From: Benjamin S Vera-tudela (bveratudelaus.ibm.com)
Date: Thu Dec 14 2000 - 08:33:11 CST

Hello ....

I am new to PAM, and I am writing an application in Linux that needs to
authenticate users. So far, I have been successful in authenticating users
by letting the PAM APIs prompt the user to enter their password. However, I
would like users to send their password through an API as instead of
prompting them to enter their password. Can anybody explain if this is
possible and how?

For example, I would like a user to enter from the command line something
like:

$ myapp login [user] passwd [password]

and pass both [user] and [password] to a PAM API that will authenticate the
user with the given password.

Second, I noticed in the PAM website that an example application requires
application writers that wish to use PAM to add a couple of lines in the
/etc/pam.conf file that look like this:

[service name] auth required [pam auth library name]
[service name] account required [pam acct library name]

Is it possible to avoid having to do this? I believe that one option is to
provide your own authentication module (library) -- in the same way login,
su, and other Linux apps do --, and link your application to that module.
Are there any other options? Having to provide another library in my
application is the last option, so modifying the pam.conf file is probably
ok, but if there is an option that does not require providing a new library
and changing the pam.conf file, I would be glad to know about it.

Thanks in advance for any help ....

Benjamin S. Vera-Tudela
Software Engineer
IBM e-boss - Austin, Texas
Phone: (512)-838-8246
E-Mail: bveratudelaus.ibm.com

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://listman.redhat.com/mailman/listinfo/pam-list