C program to authenticate user on AIX?

[Litening]

Hi

Can someone please supply me with a program (perhaps the C source)
that authenticates a user on AIX (against the password/shadow/security
file(s))?

So far I have the following from IBM, but I don't know how to
implement it (I'm not really a programmer):

_______________________
<CUT>
authenticate Subroutine

Purpose
Verifies a user's name and password.

Library
Security Library (libc.a)

Syntax
#include <usersec.h>

int authenticate (UserName, Response, Reenter, Message)
char *UserName;
char *Response;
int *Reenter;
char **Message;

</CUT>
______________________
Taken from the following link (which has more info):
http://publib16.boulder.ibm.com/doc...d/genprogc/ls_sec_audit_subrs.htm#lwurf19cjef
______________________

Thanks,
Litening

 

[Darren Tucker]

Can someone please supply me with a program (perhaps the C source)
that authenticates a user on AIX (against the password/shadow/security
file(s))?

Take a look at OpenSSH's auth-passwd.c. There's not a lot to it, it's
basically:

char *authmsg, *user, *password;
int reenter, result;

/* get username and password from user */
[...]

result = authenticate(user, password, &reenter, &authmsg);

/* check result, 0 = succeeded */
[...]

By rights you should loop until reenter == 0 but OpenSSH doesn't
(currently).

If you're using a *really* old AIX, you'll need to link with libs.a
(cc [options] -ls).

Hey, does anyone actually use a multi-step authentication process,
or secondary authentication methods? Can anyone point me to an example?
I've tried Google and read the "Elements of Security" Redbook.

 

[Michael W Ryder]

Can someone please supply me with a program (perhaps the C source)
that authenticates a user on AIX (against the password/shadow/security
file(s))?

Take a look at OpenSSH's auth-passwd.c. There's not a lot to it, it's
basically:

char *authmsg, *user, *password;
int reenter, result;

/* get username and password from user */
[...]

result = authenticate(user, password, &reenter, &authmsg);

/* check result, 0 = succeeded */
[...]

By rights you should loop until reenter == 0 but OpenSSH doesn't
(currently).

If you're using a *really* old AIX, you'll need to link with libs.a
(cc [options] -ls).

Hey, does anyone actually use a multi-step authentication process,
or secondary authentication methods? Can anyone point me to an example?
I've tried Google and read the "Elements of Security" Redbook.

Not sure if this is what you are looking for but I created my own
secondary authentication for our system. Once a user logs into our AIX
system I run a program that asks for their password. This is checked
not only for being valid but also if they are allowed "normal" access to
the TTY or telnet address they are loggin into. If they aren't it asks
for an "override" code. If this code is entered correctly the program
continues otherwise it locks up the session until a supervisor clears
it. The user's password that they entered in my program is also used to
control what programs they can run. It is also logged into a log that
is printed monthly.
The above was instituted because people were misusing passwords and in
one case set our company up for a lawsuit. Once their attorney was told
we had proof that their client's nephew had set us up the lawsuit was
quickly dropped. I then instituted the controls on requiring override
codes for supervisors.

 

[Darren Tucker]

Not sure if this is what you are looking for but I created my own
secondary authentication for our system.

[snip description]

I'm specifically interested in any implementation using AIX's
PRIMARY or SECONDARY authentication methods (ie something other than
"SYSTEM" for "authentication method" under SMIT/user). I'd like to test
OpenSSH's behaviour in those configurations.

If your system uses those, is the code available?

(followup-to set)