User Authorization

Questions regarding the use of the ANSI C SDK for Server or Client development or integration into customer products ...

Moderator: uasdkc

Post Reply
bstraehl
Jr. Member
Jr. Member
Posts: 1
Joined: 27 Aug 2020, 14:24

User Authorization

Post by bstraehl »

User authentication can be done in several ways, for instance internal, internal_ex, pam, sasl and so on. However information for user authorization (UASERVER_SUPPORT_AUTHORIZATION) is always read from the proprietary and system independent passwd and group files shaped like this:
<UserId> <GroupId> <UserName>
0 0 root
1 1 anonymous
2 4 joe
3 5 john
4 6 sue
5 7 "jane doe"

<GroupId> <GroupName> <Users>
0 root root
1 anonymous anonymous
2 operators joe,john
3 users "joe,john,sue,jane doe"
4 joe joe
5 john john
6 sue sue
7 "jane doe" "jane doe"

Wouldn't it make sense to have the possibility to read user authorization data from the systems /etc/passwd and /etc/group files, if somebody uses PAM with pam_unix.so anyway? If I want to have this, I have to write may own userId, groupId and userGroups getter functions and install them with UaServer_SetUserAuthenticationTypeEx using UserAuthType_User. Is this right?

User avatar
Support Team
Hero Member
Hero Member
Posts: 3056
Joined: 18 Mar 2011, 15:09

Re: User Authorization

Post by Support Team »

Hi,

yes, that is correct see here for external/custom authorization:

https://documentation.unified-automation.com/uasdkc/1.9.4/html/group__UaServerModule.html#ga1127a5f4034342fc6cc9b9008eb6576c

If a custom authentication module should be set, a_type must be set to UserAuthType_User and the authentication callback interface containing the custom auth function pointers must be passed. If a_type is not set to UserAuthType_User, this parameter is ignored.
Best regards
Unified Automation Support Team

Post Reply