On Wed, May 24, 2023 at 9:42 AM Lal, Arun <arun.lal@xxxxxxxxx> wrote:
Hi All,
I was trying to authenticate a user from a deamon running in my machine. And I found systemd-login can be used.
I went through documentation for interface org.freedesktop.login1, but I am not clear on how it can be used.
Lets assume that there is a deamon called xyz running in my device which has a webserver component. And it receives a request to login from https side.
And once the deamon has username and password, I would like to invoke some dbus calls to org.freedesktop.login1 to perform the authentication.
systemd-logind does not have that functionality. It's a session manager, not an authentication service. (And the sessions it manages are meant for mostly interactive connections; not for webapp sessions.)
Usually system authentication is done by loading libpam in-process (must be done from a privileged process running as root). If that is not possible (e.g. if you're using an unprivileged webapp), the *saslauthd* daemon from Cyrus-SASL would be one option – it is designed to be used by various network services to validate passwords over a Unix socket interface and has a PAM backend (`saslauthd -a pam`).
I don't know of other such daemons (surprisingly, SSSD doesn't expose an authenticate call through its D-Bus interface either, keeping it internal to PAM only), but that's the general approach if you plan on writing your own.
--
Mantas Mikulėnas
