123 lines
5.2 KiB
Groff
123 lines
5.2 KiB
Groff
.\" ** You probably do not want to edit this file directly **
|
|
.\" It was generated using the DocBook XSL Stylesheets (version 1.69.0).
|
|
.\" Instead of manually editing it, you probably should edit the DocBook XML
|
|
.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
|
|
.TH "PW_AUTH" "3" "08/03/2005" "" ""
|
|
.\" disable hyphenation
|
|
.nh
|
|
.\" disable justification (adjust text to left margin only)
|
|
.ad l
|
|
.SH "NAME"
|
|
pw_auth \- administrator defined password authentication routines
|
|
.SH "SYNTAX"
|
|
.PP
|
|
\fI#include <pwauth.h>\fR
|
|
.PP
|
|
\fIint pw_auth (char\fR \fI*command,\fR \fIchar\fR \fI*user,\fR \fIint\fR \fIreason,\fR \fIchar\fR \fI*input)\fR\fI;\fR
|
|
.SH "DESCRIPTION"
|
|
.PP
|
|
\fIpw_auth\fR
|
|
invokes the administrator defined functions for a given user.
|
|
.PP
|
|
\fIcommand\fR
|
|
is the name of the authentication program. It is retrieved from the user's password file information. The string contains one or more executable file names, delimited by semi\-colons. Each program will be executed in the order given. The command line arguments are given for each of the reasons listed below.
|
|
.PP
|
|
\fIuser\fR
|
|
is the name of the user to be authenticated, as given in the
|
|
\fI/etc/passwd\fR
|
|
file. User entries are indexed by username. This allows non\-unique user IDs to be present and for each different username associated with that user ID to have a different authentication program and information.
|
|
.PP
|
|
Each of the permissible authentication reasons is handled in a potentially differenent manner. Unless otherwise mentioned, the standard file descriptors 0, 1, and 2 are available for communicating with the user. The real user ID may be used to determine the identity of the user making the authentication request.
|
|
\fIreason\fR
|
|
is one of:
|
|
.TP
|
|
\fIPW_SU\fR
|
|
Perform authentication for the current real user ID attempting to switch real user ID to the named user. The authentication program will be invoked with a
|
|
\fB\-s\fR
|
|
option, followed by the username.
|
|
.TP
|
|
\fIPW_LOGIN\fR
|
|
Perform authentication for the named user creating a new login session. The authentication program will be invoked with a
|
|
\fB\-l\fR
|
|
option, followed by the username.
|
|
.TP
|
|
\fIPW_ADD\fR
|
|
Create a new entry for the named user. This allows an authentication program to initialize storage for a new user. The authentication program will be invoked with a
|
|
\fB\-a\fR
|
|
option, followed by the username.
|
|
.TP
|
|
\fIPW_CHANGE\fR
|
|
Alter an existing entry for the named user. This allows an authentication program to alter the authentication information for an existing user. The authentication program will be invoked with a
|
|
\fB\-c\fR
|
|
option, followed by the username.
|
|
.TP
|
|
\fIPW_DELETE\fR
|
|
Delete authentication information for the named user. This allows an authentication program to reclaim storage for a user which is no longer authenticated using the authentication program. The authentication program will be invoked with a
|
|
\fB\-d\fR
|
|
option, followed by the username.
|
|
.TP
|
|
\fIPW_TELNET\fR
|
|
Authenticate a user who is connecting to the system using the
|
|
\fItelnet\fR
|
|
command. The authentication program will be invoked with a
|
|
\fB\-t\fR
|
|
option, followed by the username.
|
|
.TP
|
|
\fIPW_RLOGIN\fR
|
|
Authenticate a user who is connecting to the system using the
|
|
\fIrlogin\fR
|
|
command. The authentication program will be invoked with a
|
|
\fB\-r\fR
|
|
option, followed by the username.
|
|
.TP
|
|
\fIPW_FTP\fR
|
|
Authenticate a user who is connecting to the system using the
|
|
\fIftp\fR
|
|
command. The authentication program will be invoked with a
|
|
\fB\-f\fR
|
|
option, followed by the username. The standard file descriptors are not available for communicating with the user. The standard input file descriptor will be connected to the parent process, while the other two output file descriptors will be connected to
|
|
\fI/dev/null\fR. The
|
|
\fIpw_auth\fR
|
|
function will pipe a single line of data to the authentication program using file descriptor 0.
|
|
.TP
|
|
\fIPW_REXEC\fR
|
|
Authenticate a user who is connecting to the system using the
|
|
\fIrexec\fR
|
|
command. The authentication program will be invoked with a
|
|
\fB\-x\fR
|
|
option, followed by the username. The standard file descriptors are not available for communicating with the remote user. The standard input file descriptor will be connected to the parent process, while the other two output file descriptors will be connected to
|
|
\fI/dev/null\fR. The
|
|
\fIpw_auth\fR
|
|
function will pipe a single line of data to the authentication program using file descriptor 0.
|
|
.PP
|
|
The last argument is the authentication data which is used by the
|
|
\fIPW_FTP\fR
|
|
and
|
|
\fIPW_REXEC\fR
|
|
reasons. It is treated as a single line of text which is piped to the authentication program. When the reason is
|
|
\fIPW_CHANGE,\fR
|
|
the value of
|
|
\fIinput\fR
|
|
is the value of previous user name if the user name is being changed.
|
|
.SH "CAVEATS"
|
|
.PP
|
|
This function does not create the actual session. It only indicates if the user should be allowed to create the session.
|
|
.PP
|
|
The network options are untested at this time.
|
|
.SH "DIAGNOSTICS"
|
|
.PP
|
|
The
|
|
\fIpw_auth\fR
|
|
function returns 0 if the authentication program exited with a 0 exit code, and a non\-zero value otherwise.
|
|
.SH "SEE ALSO"
|
|
.PP
|
|
\fBlogin\fR(1),
|
|
\fBpasswd\fR(1),
|
|
\fBsu\fR(1),
|
|
\fBuseradd\fR(8),
|
|
\fBuserdel\fR(8),
|
|
\fBusermod\fR(8)
|
|
.SH "AUTHOR"
|
|
.PP
|
|
Julianne Frances Haugh (jockgrrl@ix.netcom.com)
|