Hi
Can someone please supply me with a program (perhaps the C source)
that authenticates a user on AIX (against the password/shadow/security
file(s))?
So far I have the following from IBM, but I don't know how to
implement it (I'm not really a programmer):
_______________ ________
<CUT>
authenticate Subroutine
Purpose
Verifies a user's name and password.
Library
Security Library (libc.a)
Syntax
#include <usersec.h>
int authenticate (UserName, Response, Reenter, Message)
char *UserName;
char *Response;
int *Reenter;
char **Message;
</CUT>
_______________ _______
Taken from the following link (which has more info): http://publib16.boulder.ibm.com/doc_...tm#lwurf19cjef
_______________ _______
Thanks,
Litening 3 5403
In article <d3************ **************@ posting.google. com>,
Litening <go****@zxmoon. com> wrote: Can someone please supply me with a program (perhaps the C source) that authenticates a user on AIX (against the password/shadow/security file(s))?
Take a look at OpenSSH's auth-passwd.c. There's not a lot to it, it's
basically:
char *authmsg, *user, *password;
int reenter, result;
/* get username and password from user */
[...]
result = authenticate(us er, password, &reenter, &authmsg);
/* check result, 0 = succeeded */
[...]
By rights you should loop until reenter == 0 but OpenSSH doesn't
(currently).
If you're using a *really* old AIX, you'll need to link with libs.a
(cc [options] -ls).
Hey, does anyone actually use a multi-step authentication process,
or secondary authentication methods? Can anyone point me to an example?
I've tried Google and read the "Elements of Security" Redbook.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Darren Tucker wrote: In article <d3************ **************@ posting.google. com>, Litening <go****@zxmoon. com> wrote:
Can someone please supply me with a program (perhaps the C source) that authenticates a user on AIX (against the password/shadow/security file(s))?
Take a look at OpenSSH's auth-passwd.c. There's not a lot to it, it's basically:
char *authmsg, *user, *password; int reenter, result;
/* get username and password from user */ [...]
result = authenticate(us er, password, &reenter, &authmsg);
/* check result, 0 = succeeded */ [...]
By rights you should loop until reenter == 0 but OpenSSH doesn't (currently).
If you're using a *really* old AIX, you'll need to link with libs.a (cc [options] -ls).
Hey, does anyone actually use a multi-step authentication process, or secondary authentication methods? Can anyone point me to an example? I've tried Google and read the "Elements of Security" Redbook.
Not sure if this is what you are looking for but I created my own
secondary authentication for our system. Once a user logs into our AIX
system I run a program that asks for their password. This is checked
not only for being valid but also if they are allowed "normal" access to
the TTY or telnet address they are loggin into. If they aren't it asks
for an "override" code. If this code is entered correctly the program
continues otherwise it locks up the session until a supervisor clears
it. The user's password that they entered in my program is also used to
control what programs they can run. It is also logged into a log that
is printed monthly.
The above was instituted because people were misusing passwords and in
one case set our company up for a lawsuit. Once their attorney was told
we had proof that their client's nephew had set us up the lawsuit was
quickly dropped. I then instituted the controls on requiring override
codes for supervisors.
In article <dm************ **@newsread4.ne ws.pas.earthlin k.net>,
Michael W Ryder <mwryder@_earth link_.net> wrote: Darren Tucker wrote: Hey, does anyone actually use a multi-step authentication process, or secondary authentication methods? Can anyone point me to an example? I've tried Google and read the "Elements of Security" Redbook. Not sure if this is what you are looking for but I created my own secondary authentication for our system.
[snip description]
I'm specifically interested in any implementation using AIX's
PRIMARY or SECONDARY authentication methods (ie something other than
"SYSTEM" for "authentica tion method" under SMIT/user). I'd like to test
OpenSSH's behaviour in those configurations.
If your system uses those, is the code available?
(followup-to set)
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Renato Neves |
last post by:
The following code is working fine, i can create the user in the Active
Directory and "enable" it.
My problem is that, when i'm trying to authenticate him, i can't get to
work!! The user and pass is correct, but it can't authenticate. If i try
other user created in the AD, it work just fine!!!
<------------------------------------------------------------------------------------------------------------->
< ...
|
by: allenj |
last post by:
DB2 UDB 7.2 WSE
Fixpak 9
Linux Red Hat 7.3
A very strange thing just happened w/ my DB2 server. I am on Linux and
using NIS - the instance owner is in the servers /etc/passwd file.
Suddenly, DB2 would not authenticate any NIS-based logins, but it
*would* authenticate the local non-NIS instance owner. This was
happening not only w/ local connections on the server, but also
|
by: Ram |
last post by:
How to Authenticate NDS server using C#
|
by: mike |
last post by:
Hello.
I have a web site that is using Basic Authentication (yes, I am using HTTPS)
and is sessionless (I am maintaining session state in a database via a
custom component).
When the user clicks "Log Off", or when a cookie expires, I want to
Un-Authenticate the user so that he/she cannot back-pedal to a page without
having to sign in again.
|
by: ALI-R |
last post by:
I know how to authenticate to a webservice using either of these
ways(Assuming that rService represents the webservice):
1) rService.Credentials = new
System.Net.NetworkCredential("username","password","domainName");
2)rService.Credentials = System.Net.CredentialCache.DefaultCredentials;
My question is that is there a way to authenticate to a user using
WindowsIdentity ???
| |
by: EricRybarczyk |
last post by:
I am starting a rewrite of an existing Classic ASP web site in ASP.NET 2.0.
The existing ASP application has several types of users, each with a separate
login process (separate login page, separate DB tables, etc). For one of
these user types, the current application has an additional input field
required for login… they have a username, password, and another “location
code” field. Please don’t make me explain or justify this…...
|
by: kevin.vaughan |
last post by:
Hello Everyone,
Is it possible to authenticate the windows password through Active
Directory?
If so, how would this be done.
I have a login screen in my application and am trying to set it up with
the same login details as Windows to streamline the experience for
users. It also must allow 1 user to log onto the application while
another user is logged onto windows. I must know who is logged onto the
|
by: Michael Howes |
last post by:
I would think this would be very, very easy but in the 50 searches
I've done I haven't found anything.
If our application requires login and that user/password be a local
windows account or more detailed, a user that has been added to the
Power Users group that is either a local account or a active directory
account how do I authenticate?
I've found code that seems to do this against Active Directory
|
by: Jon |
last post by:
I am modifying an app for a customer in ASP.Net 1.1. The app is running on a
server outside their network, yet they want to authenticate users against
their internal active directory set up (they will open the necessary ports).
So, I have a simple login page with username and password, and then I will
authenticate that credentials entered against their AD server. I am having a
real hard time figuring this out. We can't use Windows Forms...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, well explore What is ONU, What Is Router, ONU & Routers main usage, and What is the difference between ONU and Router. Lets take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupr who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |