Subject: Re: BSD Authentication
To: Bill Studenmund <>
From: Peter Seebach <>
List: current-users
Date: 08/26/2003 14:18:33
In message <
>What parts do programs that are the clients (not the authenticators (my
>term)) need?

I'm not sure what you mean.  Those are the routines available for programs
like "login" or "su" to get authentication.  *none* of them are needed for
the "authenticators".  An authenticator can do something like
	if	[ $RANDOM < 20 ]
	then	echo >&3 "authenticate"
	exec /usr/libexec/login_passwd
for the "lets people in automatically one time in 16,000" authentication

The authentication programs are called with a fixed environment and such,
and do a very limited set of things, and the only reason for them to use the
bsd_auth library routines is if they want to call *another* authenticator.

The functions I named are the ones that clients might use to interact with
an authenticator, although most clients won't use more than a couple of
them.  I will see if maybe I can get sample source to show how this is