LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux > Linux - Security
Reload this Page Authenticate loginID/Password if not 'root'
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Thread Tools
Old 11-08-2009, 02:02 PM   #1
jcrowley
LQ Newbie
 
Registered: Mar 2006
Posts: 5
Thanked: 0
Authenticate loginID/Password if not 'root'

[Log in to get rid of this advertisement]
We have a server implemented in C where we would like to improve authentication when a client requests service (via an SSL connection).

The client can run from anywhere but will be updated to send a LoginID/password (over the encrypted link), but how can we verify this?

Actual Linux authentication is setup in LDAP. Attempts to use 'getpwnam(...)' and other similar functions have all failed -- since we do not (and don't want to) run the server as 'root', these return 'x' instead of the encrypted password. In fact, we'd rather not even retrieve the encrypted password in the first place.

Is there any function such as:

canLogin(final char *login, final char *pwd)

which would run at a non-root level but still authenticate the given login/pwd and return either 0 or an error code (or possibly the UID of the user if it verifies OK)?

Essentially, 'canLogin' verifies that if this login/pwd were presented at a normal Login: prompt, then the login would be accepted.

We understand the potential hacking problem, so would expect some built-in time delay to prevent a rapid series of calls.

The only other solution appears to be forking another process and use SU to 'root' to gather the data, but this appears both messy and a potential security breach.

Thanks for any suggestions.
windows_xp_2003 jcrowley is offline     Reply With Quote
Old 11-08-2009, 03:21 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 33,329
Thanked: 182
As you've not mentioned it so far, I'd have to just suggest that you need to look at libpam to do all of this for you, that's exactly what it's there for.
windows_vista acid_kewpie is offline     Reply With Quote
Old 11-09-2009, 07:54 AM   #3
jcrowley
LQ Newbie
 
Registered: Mar 2006
Posts: 5
Thanked: 0

Original Poster
libpam
Was completely unaware of this but it looks like it should do what we need. Thanks.
windows_xp_2003 jcrowley is offline     Reply With Quote

Reply

Bookmarks


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
can't authenticate with root password rcmonroig Linux - Security 3 08-04-2009 09:21 PM
Unable to authenticate user with Fedora 10 and I know the password is correct eomalley Fedora 3 04-08-2009 02:59 PM
How could normal user obtain root password or change root password ckamheng Debian 18 02-18-2009 11:28 PM
How can i make Squid to authenticate username and password ? winxandlinx Linux - Networking 4 08-08-2006 11:42 PM
kppp issue - doesnt authenticate 'root' password ayrusnes Linux - Software 3 09-06-2004 01:50 PM


All times are GMT -5. The time now is 02:11 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap - LinuxQuestions.org - Linux Forums
Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
RSS2  LQ Podcast
RSS2  LQ Radio
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration