How to authenticate a user using PAM?

Question

I've read through this page, but I'm a little confused...

• pam_start
  • What is struct pam_conv and how should it be filled in?
  • What on earth is service_name and what does it mean?

Is there an example somewhere of using PAM to log in a user (or at least verify their provided credentials)?

Answer 1

Here is an example:

#include <stdlib.h> // for NULL
#include <security/pam_appl.h> // for pam_ functions

// compile with 'gcc -lpam filename.c'

int main ( int argc , char * * argv )
{
    //function used to get user input
    int function_conversation ( ) { /* ToDo prompt user for input */ } ;

    const char * local_service = "Example Service" ; // name of the authentication service
    const char * local_user = "Example User" ; //Name of the user
    void * local_app_data = NULL ; // ToDo Make this valid.
    const struct pam_conv local_conversation = { function_conversation , local_app_data } ;
    pam_handle_t * local_auth_handle = NULL ; // this gets set by pam_start
    int local_status = 0 ; // result of each function call

    // local_auth_handle gets set based on the service 
    local_status = pam_start ( local_service , local_user , & local_conversation , & local_auth_handle ) ;

    int local_auth_flags = 0 ; // ToDo Are there any relevent flags?
    // Authenticate the user with the authentication handle set by pam_start
    local_status = pam_athenticate ( local_auth_handle , local_auth_flags ) ;

    // terminate transaction
    local_status = pam_end ( local_auth_handle , local_status ) ;

    return local_status ;
}

References:

http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.basetechref/doc/basetrf1/pam_start.htm

http://www.kapet.de/kb/pam_interpose/pam_interpose.c

http://pubs.opengroup.org/onlinepubs/8329799/pam_start.htm