Coding Pam.

Simon Johansson simon.johansson at ladok.umu.se
Fri Jun 10 08:01:00 UTC 2005 

Hi. I am new to this list and to PAM so I hope that you all will be nice to
me :-)

 

The company that I am working for have diced that over program will use PAM
as an authentication.

 

The program is used under Linux, Sun and Digital.

 

I have made a small program to test it. It looks like this.

 

#include <security/pam_appl.h>

#include <security/pam_misc.h>

#include <stdio.h>

 

 

static struct pam_conv conv = {

    misc_conv,

    NULL

};

 

int main(int argc, char *argv[])

{

    pam_handle_t *pamh=NULL;

    int retval;

    const char *user="guest";

 

   retval = pam_start("check_user", user, &conv, &pamh);

 

   if(argc == 2) {

        user = argv[1];

    }

                      

    if(argc < 2) {

        fprintf(stderr, "Usage: check_user [username]\n");

        exit(1);

    }

 

   if (retval == PAM_SUCCESS)

       retval=pam_set_item(pamh,PAM_USER,user);

                      

    if (retval == PAM_SUCCESS)

        retval = pam_authenticate(pamh, 0);    /* is user really user? */

                                                                 

    if (retval == PAM_SUCCESS)

       retval = pam_acct_mgmt(pamh, 0);       /* permitted access? */

 

    /* This is where we have been authorized or not. */

 

    if (retval == PAM_SUCCESS) {

        fprintf(stdout, "Authenticated\n");

    } else {

        fprintf(stdout, "Not Authenticated\n");

    }

 

    if (pam_end(pamh,retval) != PAM_SUCCESS) {     /* close Linux-PAM */

        pamh = NULL;

        fprintf(stderr, "check_user: failed to release authenticator\n");

        exit(1);

    }

 

    return ( retval == PAM_SUCCESS ? 0:1 );       /* indicate success */

}

 

Now to my problem.

 

1)       The program I am manage is using a webpage for the user to login
to. So I can’t use misc_conv an as I understand is that misc_conv and
pam_misc.h is Linux specified. So how should I write the program so that
misc_conv is not used so that I can send in the password before
pam_authenticate. I like to do something like this
retval=pam_set_item(pamh,PAM_USER,user); but for password.

2)       This should also work on Solaris and in the further Digital.

 

What I would like is a small example code. So if you known some program or
webpage that have this please show me the way.

 

Sorry for my English.

 

/Simon  

-------------------------------------------------

Simon Johansson 

Ladokenheten 

Umeå University 

SE - 90187 Umeå

-------------------------------------------------

Phone:          +46(0)90 - 786 70 88

Fax:             +46(0)90 - 786 69 91

www:            <http://www.umu.se/ladokenheten> www.umu.se/ladokenheten

More information about the Pam-list mailing list