pulupul

asked on

Need library to access operating system's user and password database

I need a library to access operating system's user and password database, in order to synchronize my app's user list with the operating system's. My app is going to be made in Java, so if the library is multi platform it would be great (at least Linux/Unix/*BSD and all Windows but 98/ME). But I think a multi platform library of this kind would be rare, so I can accept also that the library is only for Windows 2000/XP/2003 Server (and NT 4 if possible), or only for Linux/Unix/*BSD.

Originally the question was here: https://www.experts-exchange.com/questions/21092083/Accessing-operating-system's-user-password-database-from-Java.html, but since I was told that I can use native languages such as C++ from Java, I'm posting it here.
jkr

If you want the user names, that's the easy part. On UN*X-like systems, just read /etc/passwd. On Win32, you'd use 'NetUserEnum()', which will work on all the platforms you mentioned. See http://win32.mvps.org/network/nue_nqdi.cpp for the sample code. However, obtaining the passwords is impossible, since they are stored as one-way hashes.
What is it that your application needs to do, that it would need the user's password?

We can probably give you a better alternative if you can give us some details.
pulupul

ASKER

jkr: obtaining the hashes would be enough, as I can later find out what algorithm (MD5 or any other) is being used by the OS to encrypt the passwords, then encrypt my passwords with the same algorithm, and compare the hashes. It can be done like that, can't it?

The application is a kind of messaging server that is going to be used in an office LAN.
That *might* work on UN*X (with "shadowing" turned off), but not for Win32, since the hash function is not available...
>>The application is a kind of messaging server that is going to be used in an office LAN.

But why would you need the user's password?

I'm sure you can accomplish your application goal without the user's password.
Agree. If you really need it, have them type it. And even that I probably wouldn't do if I was the user in question :o)
pulupul

ASKER

The behavior I would like is that my app is installed on a server, say Windows 2000 Server, and then when a client tries to connect to my server (using a client app I made myself too), he types his Windows 2000 domain user name and password. If the user changes his password in the Windows 2000 domain, then my app would detect it and refresh its user/password database so that the next time the client authenticates, he can use the new password.
Mmm I'm thinking, is there an API call (in Windows or *nix), to which you pass a user name and password and says if they are correct by looking at the OS's user/password database? If so, that would do the job.
If none of this can be done, I guess I could just import user names from the OS, and maintain my own password list, which would be independent from the OS, but that's not what I want.
Ask anything you want and thanks for the replies.
ASKER CERTIFIED SOLUTION
jkr
This solution is only available to members.
Oh, and for UN*X, there's 'crypt()':

NAME
       crypt - password and data encryption

SYNOPSIS
       #define _XOPEN_SOURCE
       #include <unistd.h>

       char *crypt(const char *key, const char *salt);

DESCRIPTION
       crypt is the password encryption function.  It is based on
       the Data Encryption  Standard  algorithm  with  variations
       intended  (among  other things) to discourage use of hardware
       implementations of a key search.
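The exchange above turns on what the password field of an account entry actually contains. As an added example (not code from this thread or from any poster), this C code parses a passwd(5)/shadow(5) line and classifies the password field, showing that a field of x means the hash is not in /etc/passwd at all and that a stored hash carries a scheme id and a per-user salt that a comparison would need. The function names, the enum and the sample entry are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Order matters: the salted crypt schemes with a "$id$salt$hash" layout end at PW_SHA512. */
enum pw_scheme { PW_EMPTY, PW_SHADOWED, PW_LOCKED, PW_DES, PW_MD5,
                 PW_SHA256, PW_SHA512, PW_BCRYPT, PW_YESCRYPT, PW_UNKNOWN };

/* Copy colon-separated field idx (0-based) into out; -1 if missing or too long. */
int pw_field(const char *line, int idx, char *out, size_t outlen)
{
    for (; idx > 0; idx--, line++)
        if (!(line = strchr(line, ':'))) return -1;
    size_t n = strcspn(line, ":\n");
    if (n >= outlen) return -1;
    memcpy(out, line, n); out[n] = '\0';
    return 0;
}

/* Classify a password field. The per-user salt is copied out for DES and
   $1$/$5$/$6$ hashes; bcrypt and yescrypt lay it out differently (left empty). */
enum pw_scheme pw_classify(const char *f, char *salt, size_t saltlen)
{
    static const struct { const char *id; enum pw_scheme s; } ids[] = {
        {"$1$", PW_MD5}, {"$5$", PW_SHA256}, {"$6$", PW_SHA512}, {"$y$", PW_YESCRYPT},
        {"$2a$", PW_BCRYPT}, {"$2b$", PW_BCRYPT}, {"$2y$", PW_BCRYPT} };
    if (saltlen) salt[0] = '\0';
    if (f[0] == '\0') return PW_EMPTY;                 /* no password set */
    if (strcmp(f, "x") == 0) return PW_SHADOWED;       /* hash is in /etc/shadow */
    if (f[0] == '*' || f[0] == '!') return PW_LOCKED;  /* password login disabled */
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        size_t k = strlen(ids[i].id);
        if (strncmp(f, ids[i].id, k) != 0) continue;
        const char *s = f + k;                         /* skip optional "rounds=N$" */
        if (!strncmp(s, "rounds=", 7) && strchr(s, '$')) s = strchr(s, '$') + 1;
        size_t n = strcspn(s, "$");
        if (ids[i].s <= PW_SHA512 && n < saltlen) { memcpy(salt, s, n); salt[n] = '\0'; }
        return ids[i].s;
    }
    if (strlen(f) != 13 || f[0] == '$') return PW_UNKNOWN;
    if (saltlen > 2) { memcpy(salt, f, 2); salt[2] = '\0'; } /* 2-char DES salt */
    return PW_DES;
}

int main(void)
{
    /* Constructed shadow(5)-style entry; salt and hash are placeholders. */
    const char *line = "alice:$6$constructedsalt$CONSTRUCTEDHASH:19000:0:99999:7:::";
    char f[256], salt[32];
    if (pw_field(line, 1, f, sizeof f) == 0)
        printf("scheme=%d salt=%s\n", pw_classify(f, salt, sizeof salt), salt);
    return 0;
}
```

To verify a candidate password, crypt(3) is called with the stored field itself as the salt argument and its result is compared with the stored field.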
pulupul

ASKER

I'll use NetUserEnum() to get the user list, which I also need, and I'll use the method commented in http://support.microsoft.com/default.aspx?scid=KB;en-us;q180548, as it does not require my app to have permission to act as part of the operating system, which the other candidate API call, LogonUser (see Windows programming area link below), required. About crypt(): it is not what I need, since the only thing it does is encrypt a string with some algorithm. In *nix/*BSD platforms, I'll probably use PAM modules (see Linux prog. link below).

Specific OS related questions opened by me too:
Windows: https://www.experts-exchange.com/questions/21096449/Need-API-call-that-authentificates-against-Windows'-user-pass-database.html
Linux: https://www.experts-exchange.com/questions/21096715/Need-API-call-that-authentificates-against-Linux'-user-pass-database.html

So, thanks jkr, you told me all I needed, so I'm probably accepting your comments. I'm waiting some more days (2 or 3), just to see if someone knows about a library that handles all this.