Gregory Edigarov wrote:
Joachim Schipper wrote:
On Fri, May 22, 2009 at 11:25:17AM +0300, Gregory Edigarov wrote:
Hello,
Need just a small pointer to information on how to write an
authentication program
i.e. login_<SOMEWHAT> ? Because sources left much info outside.
Is there a specification or something?
Thanks. C
You'll want to read login.conf(5), in particular the AUTHENTICATION
section (it's not just a list of provided programs!). I'm not sure if
there are other sources of documentation, but it does appear to document
the protocol fairly well.
Logically I can understand, that password will be provided as an input
on file descriptor 3.
But I cannot find that in manual...
Come on... no where the man page says that password will be provided on
fd 3.
The man page says that file descriptor 3 will be open for reading and
writing
and that for authentication to be successful the program must exit with
value
0 and provide "authorize" or "authorize root" on file descriptor 3.
The fact that it does not say how and where the password is to be
provided is
precisely because the login scripts are supposed to abstract that so
that you
can write custom authentication which do not necessarily use passwords.
If you want to read a password and authenticate with it, you call
getpass(3),
you check that password against whatever database you use, and you
output the
"authorize" or "reject" line to descriptor 3, exactly as the man page says.
Gilles