What is the LSB-approved authentication method?

Submitted by andavis on Wed, 10/08/2008 - 16:30.

Printer-friendly versionHi, I work with several Linux ISVs who have applications that interact with /etc/passwd and/or /etc/shadow and/or other user databases that are wired in via "PAM". Some of the apps just include functionality to list all users, and some actually do user authentication. What APIs should these apps use? Any suggestions re. getpwent() and getspent()? And should all apps that do authentication use PAM apis? ISVs (at least the ones I work with) really seem to need some direction in this area. TIA for your help. Regards, Ann

What is the LSB-approved authentication method?
Submitted by licquia on Fri, 10/10/2008 - 18:15.

Ann Davis wrote:
> I work with several Linux ISVs who have applications that interact with
> /etc/passwd and/or /etc/shadow and/or other user databases that are
> wired in via "PAM". Some of the apps just include functionality to list
> all users, and some actually do user authentication.
>
> What APIs should these apps use? Any suggestions re. getpwent() and
> getspent()? And should all apps that do authentication use PAM apis?
> ISVs (at least the ones I work with) really seem to need some direction
> in this area.

In general, apps should use the POSIX getpwent() and friends for
interacting with the user database generally, and PAM for
authentication. This way, apps can take advantage of non-local user
information and better authentication (such as LDAP/Kerberos/Active
Directory) without having to worry about explicitly coding such support
into their apps.

The shadow APIs (like getspent()) aren't in the LSB.

What is the LSB-approved authentication method?

Active forum topics