<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <HTML> <HEAD> <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.20"> <TITLE>The Linux-PAM Application Developers' Guide: An example application</TITLE> <LINK HREF="pam_appl-9.html" REL=next> <LINK HREF="pam_appl-7.html" REL=previous> <LINK HREF="pam_appl.html#toc8" REL=contents> </HEAD> <BODY> <A HREF="pam_appl-9.html">Next</A> <A HREF="pam_appl-7.html">Previous</A> <A HREF="pam_appl.html#toc8">Contents</A> <HR> <H2><A NAME="s8">8.</A> <A HREF="pam_appl.html#toc8">An example application</A></H2> <P>To get a flavor of the way a <CODE>Linux-PAM</CODE> application is written we include the following example. It prompts the user for their password and indicates whether their account is valid on the standard output, its return code also indicates the success (<CODE>0</CODE> for success; <CODE>1</CODE> for failure).</P> <P> <BLOCKQUOTE><CODE> <PRE> /* This program was contributed by Shane Watts [modifications by AGM] You need to add the following (or equivalent) to the /etc/pam.conf file. # check authorization check_user auth required /usr/lib/security/pam_unix_auth.so check_user account required /usr/lib/security/pam_unix_acct.so */ #include <security/pam_appl.h> #include <security/pam_misc.h> #include <stdio.h> static struct pam_conv conv = { misc_conv, NULL }; int main(int argc, char *argv[]) { pam_handle_t *pamh=NULL; int retval; const char *user="nobody"; if(argc == 2) { user = argv[1]; } if(argc > 2) { fprintf(stderr, "Usage: check_user [username]\n"); exit(1); } retval = pam_start("check_user", user, &conv, &pamh); if (retval == PAM_SUCCESS) retval = pam_authenticate(pamh, 0); /* is user really user? */ if (retval == PAM_SUCCESS) retval = pam_acct_mgmt(pamh, 0); /* permitted access? */ /* This is where we have been authorized or not. */ if (retval == PAM_SUCCESS) { fprintf(stdout, "Authenticated\n"); } else { fprintf(stdout, "Not Authenticated\n"); } if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */ pamh = NULL; fprintf(stderr, "check_user: failed to release authenticator\n"); exit(1); } return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */ } </PRE> </CODE></BLOCKQUOTE> </P> <HR> <A HREF="pam_appl-9.html">Next</A> <A HREF="pam_appl-7.html">Previous</A> <A HREF="pam_appl.html#toc8">Contents</A> </BODY> </HTML>