 |  |
| |
To get at directory information, Unix applications typically go through the C library using such functions as gethostent( ). Higher-level APIs, such as Pluggable Authentication Modules (PAM) and Common Data Security Architecture (CDSA), also use the C library. Figure 3-2 shows how this works. The C library connects to lookupd, a thin shim that is the doorway to the DirectoryService daemon. The DirectoryService daemon consults the available plug-ins until it finds the one that can answer the directory query.
One possible route to user and password information is through the getpw* family of functions. However, those functions are not ideal for working with systems like Mac OS X that support multiple directories (flat files, NetInfo, LDAP, etc.). In particular, getpwnam( ) is not guaranteed to return a crypted password if the system has been configured to use another scheme, such as MD5 passwords. You should use the PAM API instead. PAM is included with, or available for, many flavors of Unix, so you can use it to write portable code. For more information on PAM, see the pam(8) manpage.
|  | |
| 3. Directory Services |  | 3.3. Configuring Directory Services |
Copyright © 2003 O'Reilly & Associates. All rights reserved.