Re: How to get encrypted user password
- Subject: Re: How to get encrypted user password
- From: Alastair Houghton <email@hidden>
- Date: Wed, 30 Dec 2009 13:35:58 +0000
On 30 Dec 2009, at 02:57, Stephen J. Butler wrote:
> In modern security architectures you don't ever handle (or even have
> access to) the password in your program. What you do is pass the
> credentials (user and password in this case) to some authentication
> framework. For OS X and Linux, the best solution is PAM:
>
> <http://www.kernel.org/pub/linux/libs/pam/>
FWIW, on OS X, the native API for this is either the Directory Services framework (prior to 10.6), or the Open Directory framework (10.6 and above). These do have some advantages over PAM (particularly the fact that you don't have to write files into /etc/pam.d, which is a fairly un-Mac-like thing to be doing), although their primary disadvantage is that PAM is widely implemented by other UNIX-like platforms.
If you're interested in these, you can see how to use the new Open Directory framework here:
<http://www.opensource.apple.com/source/OpenDirectory/OpenDirectory-57/TestSuite/TestApp.m>
and the older Directory Services framework here:
<http://developer.apple.com/mac/library/samplecode/CryptNoMore/index.html>
or here:
<http://developer.apple.com/mac/library/samplecode/NetworkAuthentication/index.html>
The latter two also demonstrate the use of PAM (in the case of CryptNoMore) and GSSAPI (in the case of NetworkAuthentication).
The Directory Services framework appears to be deprecated on 10.6 (I assume in favour of the newer Open Directory framework). In a way, that is also a disadvantage for these two, in that you can't use the Open Directory framework before 10.6, but you'll get warnings if you use Directory Services there.
In any case, CryptNoMore has at least a sample of PAM use if that's helpful to you :-)
Kind regards,
Alastair.
--
http://alastairs-place.net
Darwin-dev mailing list (email@hidden)