What API do I call to set a user's password on linux?

Question

I know about passwd(1) and crypt(3). What I'm looking for is a C API to call which will set the user's password in the passwd/shadow files, without having to programatically walk the files and overwrite the entry for the user in question. Application runs as root.

Does such an API exist?

EDIT: Guess I should specify, the password is being synced between different systems, so we cannot simply call system("passwd") and allow the user to enter whatever password they want when passwd prompts them. We need to know the password so we can programatically update the other systems with the same password.

Answer 1

The best bet is to exec the passwd command with the appropriate arguments and let it worry about the file handling, crypt, and file locking issues. At some level, something is going to have to "programmatically walk the files" no matter what. Unless you really have a big performance problem with this, you're better off relying on the existing code and experience rather than trying to duplicate the existing code.

Answer 2

Perhaps you want PAM? Not sure, but most distributions use it...

Added: It looks like Mac OS X uses openssl to manage it's password hashing. It may be possible to do something similar under linux, but for your needs you have to be compatible with the authentication layer used by the OS.

Answer 3

You could have a look at passwd source, but I'd first try an easier and lazier way: I'd just strace passwd and see what happens.

Answer 4

Using /etc/passwd and /etc/shadow for password storage? Are the UIDs in sync between systems? You could simply copy/overwrite the line in the /etc/shadow file for the particular user.

And the "don't do it" answer would be to use a NIS server and change the password only once.

Answer 5

Maybe the putpwent call is what you are looking for. Try man putpwent. On a quicks search I find a page with some examples. It might help.

http://linux.omnipotent.net/article.php?article_id=10935

Check getpwnam for looking up than changing the entry and utilizing putpwent.

Answer 6

This would most likely vary depending on what mechanism the system in question uses...

...which brings me to another suggestion, use existing tools to have the different systems authenticate users against a common store instead - like LDAP or whatever directory or master system is available at your site. Or set one up. Preferably not NIS+ ^^

Do not reinvent the wheel, as they supposedly say.

Where would you get the clear text password from to begin with? If it's out there, why even bother having passwords? (Yeah, I know I'm a prick when it comes to these things, sorry - let the downvotes begin ;)

Answer 7

As 8jean commented above, looks like /usr/sbin/chpasswd might be the easiest way. Otherwise I'd have gone with noha's comment of using functions like fgetpwent() -- or fgetspent() for dealing with the shadow file -- to walk the list of users and modify the record(s) I need to change. Thanks, everyone!