PAM is a Pluggable Authentication Module for Linux and other Unix platforms
From the FAQ available at [L1 ] ... "PAM provides a way to develop programs that are independent of authentication scheme. These programs need "authentication modules" to be attatched to them at run-time in order to work. Which authentication module is to be attatched is dependent upon the local system setup and is at the discretion of the local system administrator."
Here's a small Critcl script that allows you to call PAM from Tcl. It makes a couple of assumptions (e.g. the service name is empty) so you might need to tweak it for your particular application - stevel. A more comprehensive solution can be found here[L2 ].
# # pam.tcl # # Tcl interface to the *nix PAM library # package require critcl package provide pam 1.0 if {![critcl::compiling]} { puts stderr "This extension cannot be compiled without critcl enabled" exit 1 } namespace eval pam { critcl::clibraries -lpam critcl::ccode { #include <stdio.h> #include <security/pam_appl.h> #include <security/pam_misc.h> static int conversation(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) { /* just return the supplied password back to PAM */ *resp = calloc(num_msg, sizeof(struct pam_response)); (*resp)[0].resp = strdup((char *) appdata_ptr); (*resp)[0].resp_retcode = 0; return ((*resp)[0].resp ? PAM_SUCCESS : PAM_CONV_ERR); } } critcl::cproc authenticate {char* user char* passwd} int { struct pam_conv conv = { conversation, passwd }; pam_handle_t *pamh = NULL; int code, ret; if (pam_start("", user, &conv, &pamh) != PAM_SUCCESS) { return 0; } if (pam_authenticate(pamh, 0) == PAM_SUCCESS) { ret = 1; } else { ret = 0; } if (pam_end(pamh, 0) != PAM_SUCCESS) { ret = 0; } return ret; } }