C program to authenticate user on AIX?

In article <d3**************************@posting.google.com >,
Litening <go****@zxmoon.com> wrote:

Can someone please supply me with a program (perhaps the C source)
that authenticates a user on AIX (against the password/shadow/security
file(s))?

Take a look at OpenSSH's auth-passwd.c. There's not a lot to it, it's
basically:

char *authmsg, *user, *password;
int reenter, result;

/* get username and password from user */
[...]

result = authenticate(user, password, &reenter, &authmsg);

/* check result, 0 = succeeded */
[...]

By rights you should loop until reenter == 0 but OpenSSH doesn't
(currently).

If you're using a *really* old AIX, you'll need to link with libs.a
(cc [options] -ls).

Hey, does anyone actually use a multi-step authentication process,
or secondary authentication methods? Can anyone point me to an example?
I've tried Google and read the "Elements of Security" Redbook.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Darren Tucker wrote:

In article <d3**************************@posting.google.com >,
Litening <go****@zxmoon.com> wrote:

Can someone please supply me with a program (perhaps the C source)
that authenticates a user on AIX (against the password/shadow/security
file(s))?

Take a look at OpenSSH's auth-passwd.c. There's not a lot to it, it's
basically:

char *authmsg, *user, *password;
int reenter, result;

/* get username and password from user */
[...]

result = authenticate(user, password, &reenter, &authmsg);

/* check result, 0 = succeeded */
[...]

By rights you should loop until reenter == 0 but OpenSSH doesn't
(currently).

If you're using a *really* old AIX, you'll need to link with libs.a
(cc [options] -ls).

Hey, does anyone actually use a multi-step authentication process,
or secondary authentication methods? Can anyone point me to an example?
I've tried Google and read the "Elements of Security" Redbook.

Not sure if this is what you are looking for but I created my own
secondary authentication for our system. Once a user logs into our AIX
system I run a program that asks for their password. This is checked
not only for being valid but also if they are allowed "normal" access to
the TTY or telnet address they are loggin into. If they aren't it asks
for an "override" code. If this code is entered correctly the program
continues otherwise it locks up the session until a supervisor clears
it. The user's password that they entered in my program is also used to
control what programs they can run. It is also logged into a log that
is printed monthly.
The above was instituted because people were misusing passwords and in
one case set our company up for a lawsuit. Once their attorney was told
we had proof that their client's nephew had set us up the lawsuit was
quickly dropped. I then instituted the controls on requiring override
codes for supervisors.

In article <dm**************@newsread4.news.pas.earthlink.net >,
Michael W Ryder <mwryder@_earthlink_.net> wrote:

Darren Tucker wrote:

Hey, does anyone actually use a multi-step authentication process,
or secondary authentication methods? Can anyone point me to an example?
I've tried Google and read the "Elements of Security" Redbook.

Not sure if this is what you are looking for but I created my own
secondary authentication for our system.

[snip description]

I'm specifically interested in any implementation using AIX's
PRIMARY or SECONDARY authentication methods (ie something other than
"SYSTEM" for "authentication method" under SMIT/user). I'd like to test
OpenSSH's behaviour in those configurations.

If your system uses those, is the code available?

(followup-to set)

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.