doc/build/loncapapasswordauthentication.html - diff

Return to loncapapasswordauthentication.html CVS log

Up to [LON-CAPA] / doc / build

Diff for /doc/build/Attic/loncapapasswordauthentication.html between versions 1.1 and 1.4

-version 1.1, 2001/02/10 17:07:47
+version 1.4, 2001/09/30 18:32:10
  Line 1
- <HTML>
+ <html>
- <HEAD>
+ <head>
- <TITLE>LON-CAPA Password authentication</TITLE>
+ <title>LON-CAPA Password authentication</title>
- </HEAD>
+ </head>
- <BODY>
+ <body>
- <H1>LON-CAPA Password authentication</H1>
+ <h1>LON-CAPA Password authentication</h1>
- <P>
+ <p>
  Scott Harrison
- </P>
+ </p>
- <P>
+ <p>
- Last updated: 02/10/2001
+ Last updated: 09/30/2001
- </P>
+ </p>
- <P>
+ <p>
  This file describes issues associated with authenticating
  passwords on a LON-CAPA system.
- </P>
+ </p>
- <H3>Latest HOWTO</H3>
+ <p>
- <P>
+ I am just now adding information on how to configure a LON-CAPA
- </P>
+ system to work with shadow passwords.
- </BODY>
+ </p>
- </HTML>
+ <h3>Latest HOWTO</h3>
+ <p>
+ The following section of perl code illustrates the
+ different ways passwords can be evaluated.
+ </p>
+ <p>
+ <pre>
+                           my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
+                           my $pwdcorrect=0;
+                           if ($howpwd eq 'internal') {
+ 			      $pwdcorrect=
+ 				  (crypt($upass,$contentpwd) eq $contentpwd);
+                           } elsif ($howpwd eq 'unix') {
+                               $contentpwd=(getpwnam($uname))[1];
+                               $pwdcorrect=
+                                   (crypt($upass,$contentpwd) eq $contentpwd);
+                           } elsif ($howpwd eq 'krb4') {
+                               $pwdcorrect=(
+                                  Authen::Krb4::get_pw_in_tkt($uname,"",
+                                         $contentpwd,'krbtgt',$contentpwd,1,
+ 							     $upass) == 0);
+                           }
+                           if ($pwdcorrect) {
+                              print $client "authorized\n";
+                           } else {
+                              print $client "non_authorized\n";
+                           }
+ </pre>
+ </p>
+ <hr />
+ Making a LON-CAPA system work with shadow passwords (in five steps;
+ assuming that the linux system is configured for shadow passwords)
+ <pre>
+. Get http://www.wwnet.net/~janc/software/mod_auth_external-2.1.13.tar.gz
+. cd mod_auth_external/pwauth
+. alter the config.h file line to match the UID of www
+ #define SERVER_UIDS 500         /* user "www" */
+.
+       If you have a /etc/pam.d directory, you need to create a file named
+       "pwauth" inside it.  To authenticate out of the Unix Shadow file
+       under Redhat 6.x, the /etc/pam.d/pwauth file should look something like
+       this:
+         auth       required     /lib/security/pam_pwdb.so shadow nullok
+         auth       required     /lib/security/pam_nologin.so
+         account    required     /lib/security/pam_pwdb.so
+.  place pwauth in /usr/local/sbin/.
+ </body>
+ </html>

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.1
changed lines
	Added in v.1.4