Need library to access operating system's user and password database

I need a library to access operating system's user and password database, in order to synchronize my app's user list with the operating system's. My app is going to be made in Java, so if the library is multi platform it would be great (at least Linux/Unix/*BSD and all Windows but 98/ME). But I think a multi platform library of this kind would be rare, so I can accept also that the library is only for Windows 2000/XP/2003 Server (and NT 4 if possible), or only for Linux/Unix/*BSD.

Originally the question was here:, but since I was said that I can use native languajes such as C++ from Java, I'm posting it here.
Who is Participating?
jkrConnect With a Mentor Commented:
>>is there an API call (in Windows or *nix), to which you pass a user name and password and says if they are correct
>>by looking at the OS's user/password database?

For Win32, see;en-us;q180548 ("How To Validate User Credentials on Microsoft Operating Systems")
If you want the user names, that's the easy part. On UN*X-like systems, just read /etc/passwd. On Win32, you'd use 'NetUserEnum()', which will work on all the platforms you mentioned. See for the sample code. However, obtaining the passwords is impossible, since they are stored as one-way hashes.
What is it that your application needs to do, that it would need the user's password?

We can probably give you a better alterantive if you can give us some details.
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

pulupulAuthor Commented:
jkr: obtaining the hashes would be enough, as I can later find out what algorithm (MD5 or any other) is being used by the OS to encrypt the passwords, then encrypt my passwords with the same algorithm, and compare the hashes. It can be done like that, can't it?.

The application is a kind of messaging server that is going to be used in an office LAN.
That *might* work on UN*X (with "shadowing" turned off), but not for Win32, since the hash function is not available...
>>The application is a kind of messaging server that is going to be used in an office LAN.

But why would you need the user's password?

I'm sure you can accomplish your application goal, with out the user's password.
Agree. If you really need it, have them type it. And even that I probably wouldn't do if I was the user in question :o)
pulupulAuthor Commented:
The behavior I would like is that my app is installed in a server, say Windows 2000 Server, and then when a client tries to connect to my server (using a client app I made myself too), he types his Windows 2000 domain user name and password. If the user changes his password in the Windows 2000 domain, then my app would detect it and refresh it's user/password database so that the next time the clients authentificates, he can use the new password.
Mmm I'm thinking, is there an API call (in Windows or *nix), to which you pass a user name and password and says if they are correct by looking at the OS's user/password database? If so, that would do the job.
If none of this can be done, I guess I could just import user names from OS, and mantain my own password list, which would be independent from the OS, but that's not what I want.
Ask anything you want and thanks for the replies.
Oh, and for UN*X, there's 'crypt()':

       crypt - password and data encryption

       #define _XOPEN_SOURCE
       #include <unistd.h>

       char *crypt(const char *key, const char *salt);

       crypt is the password encryption function.  It is based on
       the Data Encryption  Standard  algorithm  with  variations
       intended  (among  other things) to discourage use of hard­
       ware implementations of a key search.
pulupulAuthor Commented:
I'll use NetUserEnum() to get the user list, which I also need, and I'll use the method commented in;en-us;q180548, as it does not require my app to have permission to act as part as the operating system, which the other candidate API call, LogonUser (see Windows programming area link below), required. About crypt(): it is not what I need, since the only thing it does is encrypting a string with some algorithm. In *nix/*BSD platforms, I'll probably use PAM modules (see Linux prog. link below).

Specific OS related questions opened by me too:

So, thanks jkr, you told me all I needed, so I'm probably accepting your comments. I'm waiting some more days (2 or 3), just to see if someone knows about a library that handles all this.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.