On 3/28/22 19:08, Roger Seguin wrote:
We have a GUI-based computer program that drives an external device/machine. By default our software only displays limited information on that external device. However, when a power user (group defined in /etc) identifies himself by entering their credentials through our software GUI, our software then checks those credentials against /etc/shadow using crypt() and getspnam() and, if successful, provides extra functions for configuring our external device/machine. Actually, our software runs on several networked computers and our users, which are all local (defined in /etc), are duplicated on each computer. This is not ideal and we would rather like to have all users managed by IPA in a central place (dedicated computer as the IPA server) with our software running in IPA clients. Therefore, our software won't be able to check users' credentials using the local /etc/shadow file anymore. Basically, we would need to be able to query IPA programmatically (C language - or at least a shell script) to check that a username+password is correct.
You do an LDAP bind using the username and password. If it's successful, then the combination is valid.
You could also look to see how sssd does it.
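
The bind check suggested in the reply above, as an added shell example that is not part of the original thread: it attempts an LDAP simple bind with OpenLDAP's `ldapwhoami` and guards the two inputs that can turn the check into a bypass. The server URI and base DN are placeholders, the `uid=...,cn=users,cn=accounts,<basedn>` layout is FreeIPA's default user container, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify username+password with an LDAP simple bind.
# IPA_URI and IPA_BASEDN are placeholders (assumptions); set them for your realm.
LC_ALL=C; export LC_ALL          # make the character ranges below byte-exact
IPA_URI="${IPA_URI:-ldaps://ipa.example.com}"
IPA_BASEDN="${IPA_BASEDN:-dc=example,dc=com}"

# Print the bind DN for a user, or return 2 for an unacceptable name.
# Only a conservative character set is allowed, so the name cannot add
# DN components of its own ("," "+" "=" and so on).
ipa_bind_dn() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 2 ;;
    esac
    printf 'uid=%s,cn=users,cn=accounts,%s\n' "$1" "$IPA_BASEDN"
}

# Return 0 if the bind succeeds, 1 if it fails, 2 on rejected input.
check_credentials() {
    dn=$(ipa_bind_dn "$1") || return 2
    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513, section 5.1.2) that a server may accept, so never send one.
    [ -n "$2" ] || return 2
    pwfile=$(mktemp) || return 2             # mktemp creates the file mode 0600
    printf '%s' "$2" > "$pwfile"
    # -y reads the password from a file, keeping it out of the process list.
    # ldaps:// keeps the password off the wire in clear text.
    if ldapwhoami -x -H "$IPA_URI" -D "$dn" -y "$pwfile" >/dev/null 2>&1
    then rc=0
    else rc=1    # wrong password and unreachable server both deny (fail closed)
    fi
    rm -f "$pwfile"
    return "$rc"
}

# Usage from a caller:  check_credentials "$user" "$password" && enable_power_mode
```

A successful bind only proves the password is valid; membership in the power-user group still has to be checked separately before unlocking the extra functions.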