- 论坛徽章:
- 1
|
Tru64-FAQ-Security
Security 1 -- How do I authenticate users on Tru64 UNIX?
Perhaps a bit of background first - generally the question is related to C2 or Enhanced Security, but the question always boils down to how can I take a given username and password and authenticate a user. Generally, this would be a combination of:
pwd = getpwnam(username);
if (strcmp(pwd->;pw_passwd, crypt(password, pwd->;pw_passwd)) == 0)
return success;
return fail;
The above assumes char *username and char *password are filled in with "precollected" username and password...
The problem/issue with this method is that for Enhanced Security configurations the pwd->;pw_passwd field contains an asterisk ("*" and the password is actually stored in another database (/tcb/files/auth.db or /var/tcb/files/auth.db). In addition, the password found in those databases may not have been encrypted using the crypt() function.
Tru64 UNIX solves this by providing a general purpose function "sia_validate_user()" which will accept as parameters the username and password and perform the user authentication for you regardless of the security mechanism that is in place. Using the sia_validate_user() function relieves the programmer of needing to know what security mechanism is being used on the target Tru64 UNIX system.
The following is a code example which can be compiled and run as its own image or can be fit into an existing application which performs the getpwnam() and crypt() calls.
% cat siavaluser.c
#include
#include
#include
#include
#include
int main(int argc, char *argv[])
{
int myargc = 1;
char *myargv[2];
char *user = "someusername";
char *pass = "yourpassword";
int auth_stat;
myargv[0] = "yourapplicationname";
myargv[1] = NULL;
set_auth_parameters(argc, argv);
if (argc != 3) {
fprintf(stderr, "usage: %s username password
", argv[0]);
exit(1);
}
user = argv[1];
pass = argv[2];
auth_stat =
sia_validate_user(NULL,myargc,myargv,NULL,user,NULL,0,NULL,pass);
if (auth_stat != SIASUCCESS ) {
printf("No go %d", errno);
perror("";
}
printf ("Done
";
}
% cc -g -o siavaluser siavaluser.c -lsecurity
% ./siavaluser username password |
|
免费注册
发表于 2003-04-04 18:03
