On Tue, 26 Aug 2003, Peter Seebach wrote:

> In message <Pine.NEB.4.33.0308261151550.20543-100000@vespasia.home-net.icnt.net
> >So what is the exposed API used by BSD Auth?

Let me re-phrase that.

> A bunch of functions with names like auth_foo:
>
> bsd_auth(3):
> NAME
>      auth_open, auth_call, auth_challenge, auth_check_change,
>      auth_check_expire, auth_clean, auth_close, auth_clrenv, auth_clroption,
>      auth_clroptions, auth_getitem auth_getstate, auth_getvalue,
>      auth_set_va_list, auth_setdata, auth_setenv, auth_setitem auth_setoption,
>      auth_setpwd, auth_setstate - interface to the BSD Authentication system
> authenticate(3):
> NAME
>      auth_approval, auth_cat, auth_checknologin, auth_mkvalue,
>      auth_userchallenge, auth_usercheck, auth_userokay, auth_userresponse,
>      auth_verify - simplified interface to the BSD Authentication system
>
> These do just about everything.  You almost never need the "full" interface,
> but it's there.

What parts do programs that are the clients (not the authenticators (my
term)) need?

Since the eventual goal is one system that does both, we will eventually
need a mapping from the BSD Auth API to what PAM modules can do, and a
mapping from what PAM users want to what BSD Auth authenticators can do.

Well, it will do as much of both as is reasonable. :-)

Take care,

Bill