On 3/28/22 19:08, Roger Seguin wrote:
We have a GUI-based computer program that drives an external device/machine.
By default our software only displays limited information on that external 
device.

However, when a power user (group defined in /etc) identifies himself by 
entering their credentials through our software GUI, our software then checks 
those credentials against /etc/shadow using crypt() and getspnam() and, if 
successful, provides extra functions for configuring our external device/machine.

Actually, our software runs on several networked computers and our users, which 
are all local (defined in /etc), are duplicated on each computer.
This is not ideal and we would rather like to have all users managed by IPA in 
a central place (dedicated computer as the IPA server) with our software 
running in IPA clients. Therefore, our software won't be able to check users' 
credentials using the local /etc/shadow file anymore.

Basically, we would need to be able to query IPA programmatically (C language - 
or at least a shell script) to check that a username+password is correct.

You do an LDAP bind using the username and password. If it's successful, then the combination is valid.

You could also look to see how sssd does it.
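
The LDAP bind check suggested above, sketched as a shell function around OpenLDAP's `ldapwhoami`. This is an added example, not code from the thread or from the IPA project. The server URI, the base DN and the CA path are assumptions for a default FreeIPA client, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. IPA_URI, IPA_USER_BASE and IPA_CA are assumed defaults;
# set them to match your own realm.
IPA_URI="${IPA_URI:-ldap://ipa.example.com}"
IPA_USER_BASE="${IPA_USER_BASE:-cn=users,cn=accounts,dc=example,dc=com}"
IPA_CA="${IPA_CA:-/etc/ipa/ca.crt}"

# Print the bind DN for a login name, or fail if the name contains anything
# outside a conservative allowlist (keeps ',', '=', '+' etc. out of the DN).
ipa_bind_dn() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf 'uid=%s,%s\n' "$1" "$IPA_USER_BASE"
}

# Return 0 only if the server accepts a simple bind as that user.
# Every other outcome (bad password, bad name, server unreachable) is a denial.
ipa_check_password() {
    user=$1 pass=$2
    dn=$(ipa_bind_dn "$user") || return 1
    # An empty password turns a simple bind into an "unauthenticated bind"
    # (RFC 4513, section 5.1.2), which a server may accept. Never send one.
    [ -n "$pass" ] || return 1
    (
        umask 077
        pwfile=$(mktemp) || exit 1
        trap 'rm -f "$pwfile"' EXIT
        # -y reads the password from a file, keeping it off the command line.
        printf '%s' "$pass" > "$pwfile"
        # -ZZ requires StartTLS to succeed; REQCERT=demand verifies the server.
        LDAPTLS_CACERT=$IPA_CA LDAPTLS_REQCERT=demand \
            ldapwhoami -x -ZZ -H "$IPA_URI" -o nettimeout=5 \
                       -D "$dn" -y "$pwfile" >/dev/null 2>&1
    )
}
```

A successful bind only proves the password; membership in the power-user group still has to be checked separately before unlocking the extra functions.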