mirror of
https://github.com/shadow-maint/shadow.git
synced 2024-11-24 02:24:32 +08:00
252 lines
8.3 KiB
XML
252 lines
8.3 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
|
|
<refentry id='pw_auth.3'>
|
|
<!-- $Id: pw_auth.3.xml,v 1.17 2005/11/05 17:17:30 kloczek Exp $ -->
|
|
<refmeta>
|
|
<refentrytitle>pw_auth</refentrytitle>
|
|
<manvolnum>3</manvolnum>
|
|
<refmiscinfo class="sectdesc">Library Calls</refmiscinfo>
|
|
</refmeta>
|
|
<refnamediv id='name'>
|
|
<refname>pw_auth</refname>
|
|
<refpurpose>administrator defined password authentication routines</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsect1 id='syntax'>
|
|
<title>SYNTAX</title>
|
|
<para>
|
|
<emphasis>#include <pwauth.h></emphasis>
|
|
</para>
|
|
|
|
<para>
|
|
<emphasis>int pw_auth (char</emphasis>
|
|
<emphasis remap='I'>*command,</emphasis>
|
|
<emphasis>char</emphasis>
|
|
<emphasis remap='I'>*user,</emphasis>
|
|
<emphasis>int</emphasis>
|
|
<emphasis remap='I'>reason,</emphasis>
|
|
<emphasis>char</emphasis>
|
|
<emphasis remap='I'>*input)</emphasis><emphasis>;</emphasis>
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='description'>
|
|
<title>DESCRIPTION</title>
|
|
<para>
|
|
<emphasis>pw_auth</emphasis> invokes the administrator defined
|
|
functions for a given user.
|
|
</para>
|
|
|
|
<para>
|
|
<emphasis remap='I'>command</emphasis> is the name of the
|
|
authentication program. It is retrieved from the user's password file
|
|
information. The string contains one or more executable file names,
|
|
delimited by semi-colons. Each program will be executed in the order
|
|
given. The command line arguments are given for each of the reasons
|
|
listed below.
|
|
</para>
|
|
|
|
<para>
|
|
<emphasis remap='I'>user</emphasis> is the name of the user to be
|
|
authenticated, as given in the <filename>/etc/passwd</filename> file.
|
|
User entries are indexed by username. This allows non-unique user IDs
|
|
to be present and for each different username associated with that
|
|
user ID to have a different authentication program and information.
|
|
</para>
|
|
|
|
<para>
|
|
Each of the permissible authentication reasons is handled in a
|
|
potentially differenent manner. Unless otherwise mentioned, the
|
|
standard file descriptors 0, 1, and 2 are available for communicating
|
|
with the user. The real user ID may be used to determine the identity
|
|
of the user making the authentication request. <emphasis
|
|
remap='I'>reason</emphasis> is one of:
|
|
</para>
|
|
<variablelist remap='IP'>
|
|
<varlistentry>
|
|
<term>
|
|
<emphasis>PW_SU</emphasis>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Perform authentication for the current real user ID attempting
|
|
to switch real user ID to the named user. The authentication
|
|
program will be invoked with a <option>-s</option> option,
|
|
followed by the username.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<emphasis>PW_LOGIN</emphasis>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Perform authentication for the named user creating a new login
|
|
session. The authentication program will be invoked with a
|
|
<option>-l</option> option, followed by the username.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<emphasis>PW_ADD</emphasis>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Create a new entry for the named user. This allows an
|
|
authentication program to initialize storage for a new user. The
|
|
authentication program will be invoked with a
|
|
<option>-a</option> option, followed by the username.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<emphasis>PW_CHANGE</emphasis>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Alter an existing entry for the named user. This allows an
|
|
authentication program to alter the authentication information
|
|
for an existing user. The authentication program will be invoked
|
|
with a <option>-c</option> option, followed by the username.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<emphasis>PW_DELETE</emphasis>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Delete authentication information for the named user. This
|
|
allows an authentication program to reclaim storage for a user
|
|
which is no longer authenticated using the authentication
|
|
program. The authentication program will be invoked with a
|
|
<option>-d</option> option, followed by the username.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<emphasis>PW_TELNET</emphasis>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Authenticate a user who is connecting to the system using the
|
|
<command>telnet</command> command. The authentication program
|
|
will be invoked with a <option>-t</option> option, followed by
|
|
the username.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<emphasis>PW_RLOGIN</emphasis>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Authenticate a user who is connecting to the system using the
|
|
<emphasis>rlogin</emphasis> command. The
|
|
authentication program will be invoked with a
|
|
<option>-r</option> option, followed by the username.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<emphasis>PW_FTP</emphasis>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Authenticate a user who is connecting to the system using the
|
|
<emphasis>ftp</emphasis> command. The authentication program
|
|
will be invoked with a <option>-f</option> option, followed by
|
|
the username. The standard file descriptors are not available
|
|
for communicating with the user. The standard input file
|
|
descriptor will be connected to the parent process, while the
|
|
other two output file descriptors will be connected to
|
|
<filename>/dev/null</filename>. The <emphasis>pw_auth</emphasis>
|
|
function will pipe a single line of data to the authentication
|
|
program using file descriptor 0.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term>
|
|
<emphasis>PW_REXEC</emphasis>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Authenticate a user who is connecting to the system using the
|
|
<emphasis remap='I'>rexec</emphasis> command. The authentication
|
|
program will be invoked with a <option>-x</option> option,
|
|
followed by the username. The standard file descriptors are not
|
|
available for communicating with the remote user. The standard
|
|
input file descriptor will be connected to the parent process,
|
|
while the other two output file descriptors will be connected to
|
|
<filename>/dev/null</filename>. The <emphasis>pw_auth</emphasis>
|
|
function will pipe a single line of data to the authentication
|
|
program using file descriptor 0.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
|
|
<para>
|
|
The last argument is the authentication data which is used by the
|
|
<emphasis>PW_FTP</emphasis> and <emphasis>PW_REXEC</emphasis> reasons.
|
|
It is treated as a single line of text which is piped to the
|
|
authentication program. When the reason is
|
|
<emphasis>PW_CHANGE,</emphasis> the value of <emphasis
|
|
remap='I'>input</emphasis> is the value of previous user name if the
|
|
user name is being changed.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='caveats'>
|
|
<title>CAVEATS</title>
|
|
<para>
|
|
This function does not create the actual session. It only indicates if
|
|
the user should be allowed to create the session.
|
|
</para>
|
|
|
|
<para>The network options are untested at this time.</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='diagnostics'>
|
|
<title>DIAGNOSTICS</title>
|
|
<para>
|
|
The <emphasis>pw_auth</emphasis> function returns 0 if the
|
|
authentication program exited with a 0 exit code, and a non-zero value
|
|
otherwise.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='see_also'>
|
|
<title>SEE ALSO</title>
|
|
<para>
|
|
<citerefentry>
|
|
<refentrytitle>login</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>passwd</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>su</refentrytitle><manvolnum>1</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>.
|
|
</para>
|
|
</refsect1>
|
|
</refentry>
|