Need API call that authentificates against Linux' user/pass database.

Is there an API call, to which you pass a user name and password and says if they are correct by looking at the Linux's user/password database (/etc/passwd or shadowed passwords)?. I would like it to be portable to Unix and *BSD if possible.
If there is a way to get all the OS's user and password database that would do the job too.

I first asked here: http://www.experts-exchange.com/Programming/Programming_Languages/Cplusplus/Q_21095702.html
But as this question is somewhat different and specific to Linux/*nix/*BSD platform, I'm posting it here.
LVL 3
pulupulAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
pulupulAuthor Commented:
I've been looking at http://www.freebsd.org/cgi/man.cgi?query=pam_unix&sektion=8, and it might be what I need. But, how do you use it from a C++ program? is it shared library?
0
 
jlevieConnect With a Mentor Commented:
If you want it portable across various flavors of Linux & Unix you don't want to be using PAM as it's implementation differs and it isn't supported by all variants.

What will work on all platforms that use local authentication is to take the plaintext user password, the salt from the encrupted copy of the password and compute a DES or MD5 password. Compare that to what's in the passwd/shadow file and if the match the user is authenticated.

The problem with that approach is that you need read access to the encrypted passwords, which is only granted to root on any modern Linux/Unix. Additionally the system may not be using local authentication and could be authenticating via Kerberos, LDAP, or any of a number of other methods (usually via PAM).

To see how this is done on a variety of platforms I'd suggest that you look thorugh the source code to OpenSSH's sshd.
0
All Courses

From novice to tech pro — start learning today.