An authenticator is pretty straightforward, and you should be able to figure it out from  Basically, your authenticator has to accept the request

AUTHENTICATE USER <user> <CREDENTIALS <credentials> | DATA <data> >

When a handle is originally authenticated the authenticator is provided the USER and CREDENTIALS.  It does the authentication check and then returns the appropriate return code.  If everything went ok, it returns 0 and passes back <data> in the result buffer.  

When a request is made to a remote system, STAFProc sends the <user> and associated <data> to the remote system.  The remote system calls the appropriate authenticator and passes in USER and DATA for verification.  The authenticator makes the check and returns zero if everything is ok.

In the AuthSample, the <data> is the same as the initially provided <credentials>.  In a more sophisticated system, this would be some form of token.

Note, there shouldn't be any problem writing your authenticator in C++, as an authenticator is nothing more than a specialized service.

Charles Rankin
Sent by:

02/12/2007 07:27 AM

[staf-devel] Authenticator Service

Hello folks,

Unless already existing, i'd like to write my own authenticator service under Linux, based on libpam, allowing users to use their own Linux account to authenticate their handles.
Unfortunately, i'm not able to find any documentation about writing such a service.
Is there any existing documentation on the topic, or should i rely on (i'd like to write my authenticator in C++ though).

Thanks for your help,

Florian PONROY
Thales Land & Joint France
Tel. : +33(0)1 41 304 363
Fax : +33(0)1 41 303 560
Email :

Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier.
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
staf-devel mailing list