On Wed, May 24, 2023 at 9:42 AM Lal, Arun <arun....@intel.com> wrote:

> Hi All,
>
> I was trying to authenticate a user from a daemon running in my machine.
> And I found systemd-login can be used.
>
> I went through documentation for interface org.freedesktop.login1, but I
> am not clear on how it can be used.
>
> Let's assume that there is a daemon called xyz running in my device which
> has a webserver component. And it receives a request to login from https
> side.
>
> And once the daemon has username and password, I would like to invoke some
> dbus calls to org.freedesktop.login1 to perform the authentication.
>

systemd-logind does not have that functionality. It's a session manager,
not an authentication service. (And the sessions it manages are meant for
mostly interactive connections; not for webapp sessions.)

Usually system authentication is done by loading libpam in-process (must be
done from a privileged process running as root). If that is not possible
(e.g. if you're using an unprivileged webapp), the *saslauthd* daemon from
Cyrus-SASL would be one option – it is designed to be used by various
network services to validate passwords over a Unix socket interface and has
a PAM backend (`saslauthd -a pam`).

I don't know of other such daemons (surprisingly, SSSD doesn't expose an
authenticate call through its D-Bus interface either, keeping it internal
to PAM only), but that's the general approach if you plan on writing your
own.

-- 
Mantas Mikulėnas
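
Added example (not part of the original reply, and not Cyrus-SASL's own code): a minimal client an unprivileged daemon could use to validate a password through the saslauthd Unix socket described above. It assumes the saslauthd wire format of four fields (login, password, service, realm), each sent as a 2-byte big-endian length plus bytes, with a length-prefixed reply beginning `OK` or `NO`; the socket path and the PAM service name `webapp` are assumptions that vary per system.

```python
import socket
import struct

MUX_PATH = "/run/saslauthd/mux"  # assumption: socket location is distro-dependent


def encode_request(user, password, service, realm=""):
    """Serialize login, password, service, realm as length-prefixed fields."""
    out = b""
    for field in (user, password, service, realm):
        raw = field.encode("utf-8")
        # Reject NUL bytes (the C side treats fields as strings) and
        # anything that does not fit the 16-bit length prefix.
        if b"\0" in raw or len(raw) > 0xFFFF:
            raise ValueError("invalid field for saslauthd request")
        out += struct.pack("!H", len(raw)) + raw
    return out


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("saslauthd closed the connection early")
        buf += chunk
    return buf


def saslauthd_check(user, password, service="webapp", realm="",
                    path=MUX_PATH, timeout=5.0):
    """Return True only on an explicit OK; every error path fails closed."""
    try:
        request = encode_request(user, password, service, realm)
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(path)
            s.sendall(request)
            (length,) = struct.unpack("!H", _recv_exact(s, 2))
            return _recv_exact(s, length)[:2] == b"OK"
    except (OSError, ValueError):
        # Missing socket, timeout, short read or bad input: deny.
        return False
```

With `saslauthd -a pam`, the service field selects the PAM stack, so a matching file under `/etc/pam.d/` must exist, and the calling daemon needs permission to connect to the socket.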
