Re: C program to authenticate user on AIX?
From: Michael W Ryder (mwryder_at__earthlink_.net)
Date: 07/31/03
- Next message: Nenad: "Re: ptf, pathces and mainteiners level ...."
- Previous message: Nenad: "Re: securing Oracle ports"
- In reply to: Darren Tucker: "Re: C program to authenticate user on AIX?"
- Next in thread: Darren Tucker: "Re: C program to authenticate user on AIX?"
- Reply: Darren Tucker: "Re: C program to authenticate user on AIX?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 31 Jul 2003 07:15:21 GMT
Darren Tucker wrote:
> In article <d3d692b9.0307301518.4de7e749@posting.google.com>,
> Litening <google@zxmoon.com> wrote:
>
>>Can someone please supply me with a program (perhaps the C source)
>>that authenticates a user on AIX (against the password/shadow/security
>>file(s))?
>
>
> Take a look at OpenSSH's auth-passwd.c. There's not a lot to it, it's
> basically:
>
> char *authmsg, *user, *password;
> int reenter, result;
>
> /* get username and password from user */
> [...]
>
> result = authenticate(user, password, &reenter, &authmsg);
>
> /* check result, 0 = succeeded */
> [...]
>
> By rights you should loop until reenter == 0 but OpenSSH doesn't
> (currently).
>
> If you're using a *really* old AIX, you'll need to link with libs.a
> (cc [options] -ls).
>
> Hey, does anyone actually use a multi-step authentication process,
> or secondary authentication methods? Can anyone point me to an example?
> I've tried Google and read the "Elements of Security" Redbook.
>
Not sure if this is what you are looking for but I created my own
secondary authentication for our system. Once a user logs into our AIX
system I run a program that asks for their password. This is checked
not only for being valid but also if they are allowed "normal" access to
the TTY or telnet address they are loggin into. If they aren't it asks
for an "override" code. If this code is entered correctly the program
continues otherwise it locks up the session until a supervisor clears
it. The user's password that they entered in my program is also used to
control what programs they can run. It is also logged into a log that
is printed monthly.
The above was instituted because people were misusing passwords and in
one case set our company up for a lawsuit. Once their attorney was told
we had proof that their client's nephew had set us up the lawsuit was
quickly dropped. I then instituted the controls on requiring override
codes for supervisors.
- Next message: Nenad: "Re: ptf, pathces and mainteiners level ...."
- Previous message: Nenad: "Re: securing Oracle ports"
- In reply to: Darren Tucker: "Re: C program to authenticate user on AIX?"
- Next in thread: Darren Tucker: "Re: C program to authenticate user on AIX?"
- Reply: Darren Tucker: "Re: C program to authenticate user on AIX?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
