graph LR
hpnsshd_daemon["hpnsshd daemon"]
Authentication_Core_auth_c_["Authentication Core (auth.c)"]
Password_Authentication_Module_auth_passwd_c_["Password Authentication Module (auth-passwd.c)"]
Public_Key_Authentication_Module_auth_pubkey_c_["Public Key Authentication Module (auth-pubkey.c)"]
Pluggable_Authentication_Modules_PAM_Integration_auth_pam_c_["Pluggable Authentication Modules (PAM) Integration (auth-pam.c)"]
Kerberos_GSSAPI_Integration_Module_auth_gssapi_c_["Kerberos/GSSAPI Integration Module (auth-gssapi.c)"]
FIDO2_Integration_Module_auth_fido_c_["FIDO2 Integration Module (auth-fido.c)"]
Session_Management_Authorization_session_c_["Session Management & Authorization (session.c)"]
hpnsshd_daemon -- "initiates authentication process in" --> Authentication_Core_auth_c_
Authentication_Core_auth_c_ -- "orchestrates" --> Password_Authentication_Module_auth_passwd_c_
Authentication_Core_auth_c_ -- "passes control to" --> Session_Management_Authorization_session_c_
Password_Authentication_Module_auth_passwd_c_ -- "is orchestrated by" --> Authentication_Core_auth_c_
Public_Key_Authentication_Module_auth_pubkey_c_ -- "is orchestrated by" --> Authentication_Core_auth_c_
Pluggable_Authentication_Modules_PAM_Integration_auth_pam_c_ -- "is orchestrated by" --> Authentication_Core_auth_c_
Kerberos_GSSAPI_Integration_Module_auth_gssapi_c_ -- "is orchestrated by" --> Authentication_Core_auth_c_
FIDO2_Integration_Module_auth_fido_c_ -- "is orchestrated by" --> Authentication_Core_auth_c_
Session_Management_Authorization_session_c_ -- "receives control from" --> Authentication_Core_auth_c_
Architectural analysis of the hpnsshd project, detailing its C-language components and their relationships.
The main server-side daemon responsible for listening for incoming connections and initiating the authentication process for clients. It acts as the entry point to the Authentication & Authorization Subsystem.
Related Classes/Methods: None
Serves as the central state machine for authentication, orchestrating the flow and dispatching requests to specific authentication modules based on configured methods and client requests. It manages the overall authentication session state.
Related Classes/Methods:
auth.c(1:1)
Implements the logic for traditional password-based user authentication, verifying credentials against system or configured sources.
Related Classes/Methods:
auth-passwd.c(1:1)
Handles public key-based authentication, verifying user identity by challenging the client to prove possession of a private key corresponding to a registered public key.
Related Classes/Methods:
auth-pubkey.c(1:1)
Provides an interface to the system's Pluggable Authentication Modules (PAM) framework, allowing hpnsshd to leverage various system-wide authentication schemes configured via PAM.
Related Classes/Methods:
auth-pam.c(1:1)
Integrates with Kerberos and Generic Security Service Application Programming Interface (GSSAPI) for robust, centralized authentication in enterprise environments.
Related Classes/Methods:
auth-gssapi.c(1:1)
Supports FIDO2 security tokens for strong, hardware-backed authentication, enhancing security posture.
Related Classes/Methods:
auth-fido.c(1:1)
Responsible for post-authentication tasks, including setting up user sessions, applying authorization policies, and preparing for shell or command execution based on user permissions.
Related Classes/Methods:
session.c(1:1)