We have a GUI-based computer program that drives an external device/machine.
By default our software only displays limited information on that external device.
However, when a power user (group defined in /etc) identifies himself by entering their credentials through our software GUI, our software then checks those credentials against /etc/shadow using crypt() and getspnam() and, if succesful, provides extra functions for configuring our external device/machine.
Actually, our software runs on several networked computers and our users, which are all local (defined in /etc), are duplicated on each computer.
This is not ideal and we would rather like to have all users managed by IPA in a central place (dedicated computer as the IPA server) with our software running in IPA clients. Therefore, our software won't be able to check users' credentials using the local /etc/shadow file anymore.
Basically, we would need to be able to query IPA programmatically (C language - or at least a shell script) to check that a username+password is correct.
How can we process?
Thanks