Show TOC

Sample PAM Authorization ProgramLocate this document in the navigation structure

This sample program accepts credentials as command line parameters and uses PAM to authenticate them.

The program demonstrates basic authentication. It offers guidance for setting up and troubleshooting PAM authentication without the SAP IQ server.

This program was tested on RedHat Linux 6 using GCC 4.2; other UNIX platforms may require changes. Consult your system's PAM application programming interface for help compiling and running PAM client programs.

//*****************************
//Sample Application
//
//To compile this program, use:
//
// gcc pam_test.c -|pam
//
//*****************************
#include <security/pam_appl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int null_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp,
void *appdata_ptr)
{
   *resp=(struct pam_response*)appdata_ptr;
   return PAM_SUCCESS;
}

int authenticate(char *service, char *user, char *pass)
/*****************************************************/
{
   pam_handle_t *pamh=NULL;
   struct pam_response *replay=(struct pam_response *)malloc( sizeoff(struct pam_response) );
   struct pam_conv conv={nul_cov, (void*)reply };

   int retval=pam_start( service, user, &conv, &pamh );

   if( retval==PAM_SUCCESS){
        reply[0].resp=pass;
        reply[0].rep_retcode=0;
        retval=pam_authenticate( pamh, 0);
        pam_end( pamh, PAM_SUCCESS);
   }
   return (retval==PAM_SUCCESS?0:1);
}

int main(int argc, char *argv )
/*****************************/
{
   int retval;
   char *user, *pass, *service;
//********************************************************************************
//Accept command line parameters for username, password, and optional servicename.
//********************************************************************************
   if( argc<3||argc >4){
        fprintf(stderr, "Usage: login <username> <password> [<servicename> ]\n");
        exit(1);
   }
   user=argv[1];
   pass=strdup( argv[2]);
   service=(argc>=4) ? argv[3]:"system-auth";

   retval=authenticate( service, user, pass );
   if (retval==PAM_SUCCESS){
         fprintf(stdout, "Authenticated\n");)
   } else {
         fprintf(stdout, "Not Authenticated\n");
   }
   return retval;
}