How do I authenticate users on Tru64 UNIX?


Perhaps a bit of background first - generally the question is related to
C2 or Enhanced Security, but the question always boils down to how can I
take a given username and password and authenticate a user. Generally,
this would be a combination of :

pwd = getpwnam(username);
if (strcmp(pwd-pw_passwd, crypt(password, pwd-pw_passwd)) == 0)
return success;
return fail;

The above assumes char *username and char *password are filled in with
"precollected" username and password...

The problem/issue with this method is that for Enhanced Security
configurations the pwd-pw_passwd field contains an asterisk ("*") and
the password is actually stored in another database (/tcb/files/auth.db
or /var/tcb/files/auth.db). In addition, the password found in those
databases may not have been encrypted using the crypt() function.

Tru64 UNIX solves this by providing a general purpose function
"sia_validate_user()" which will accept as parameters the username and
password and perform the user authentication for you regardless of the
security mechanism that is in place. Using the sia_validate_user()
function relieves the programmer of needing to know what security
mechanism is being used on the target Tru64 UNIX system.

The following is a code example which can be compiled and run as its own
image or can be fit into an existing application which performs the
getpwnam() and crypt() calls.

% cat siavaluser.c
#include
#include
#include
#include
#include

int main(int argc, char *argv[])
{
int myargc = 1;
char *myargv[2];
char *user = "someusername";
char *pass = "yourpassword";
int auth_stat;

myargv[0] = "yourapplicationname";
myargv[1] = NULL;

set_auth_parameters(argc, argv);

if (argc != 3) {
fprintf(stderr, "usage: %s username password
", argv[0]);
exit(1);
}

user = argv[1];
pass = argv[2];

auth_stat =
sia_validate_user(NULL,myargc,myargv,NULL,user,NULL,0,NULL,pass);

if (auth_stat != SIASUCCESS ) {
printf("No go %d", errno);
perror("");
}
printf ("Done
");
}

% cc -g -o siavaluser siavaluser.c -lsecurity
% ./siavaluser username password



UNIXguide.net
Suggest a Site