On ti, 29 maalis 2022, Roger Seguin via FreeIPA-users wrote:
Thank you for your response.
This seems a bit more complicated than what I was hoping for :)
If your current application has a read access to /etc/shadow, you are
already performing what pam_unix.so is doing. As a result, your current
application could have been already using PAM API instead of directly
accessing /etc/shadow.
I am just trying to point out that there are standardized ways of
achieving what you want on Linux systems already. Sticking to these
methods would allow to extend and integrate with FreeIPA regardless how
authentication is performed internally in FreeIPA.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland