version 1.1, 2001/02/10 17:07:47
|
version 1.5, 2001/09/30 18:33:08
|
Line 1
|
Line 1
|
<HTML> |
<html> |
<HEAD> |
<head> |
<TITLE>LON-CAPA Password authentication</TITLE> |
<title>LON-CAPA Password authentication</title> |
</HEAD> |
</head> |
<BODY> |
<body> |
<H1>LON-CAPA Password authentication</H1> |
<h1>LON-CAPA Password authentication</h1> |
<P> |
<p> |
Scott Harrison |
Scott Harrison |
</P> |
</p> |
<P> |
<p> |
Last updated: 02/10/2001 |
Last updated: 09/30/2001 |
</P> |
</p> |
<P> |
<p> |
This file describes issues associated with authenticating |
This file describes issues associated with authenticating |
passwords on a LON-CAPA system. |
passwords on a LON-CAPA system. |
</P> |
</p> |
<H3>Latest HOWTO</H3> |
<p> |
<P> |
I am just now adding information on how to configure a LON-CAPA |
</P> |
system to work with shadow passwords. |
</BODY> |
</p> |
</HTML> |
<h3>Latest HOWTO</h3> |
|
<p> |
|
The following section of perl code illustrates the |
|
different ways passwords can be evaluated. |
|
</p> |
|
<p> |
|
<pre> |
|
my ($howpwd,$contentpwd)=split(/:/,$realpasswd); |
|
my $pwdcorrect=0; |
|
if ($howpwd eq 'internal') { |
|
$pwdcorrect= |
|
(crypt($upass,$contentpwd) eq $contentpwd); |
|
} elsif ($howpwd eq 'unix') { |
|
$contentpwd=(getpwnam($uname))[1]; |
|
$pwdcorrect= |
|
(crypt($upass,$contentpwd) eq $contentpwd); |
|
} elsif ($howpwd eq 'krb4') { |
|
$pwdcorrect=( |
|
Authen::Krb4::get_pw_in_tkt($uname,"", |
|
$contentpwd,'krbtgt',$contentpwd,1, |
|
$upass) == 0); |
|
} |
|
if ($pwdcorrect) { |
|
print $client "authorized\n"; |
|
} else { |
|
print $client "non_authorized\n"; |
|
} |
|
</pre> |
|
</p> |
|
<hr /> |
|
Making a LON-CAPA system work with shadow passwords (in five steps; |
|
assuming that the linux system is configured for shadow passwords) |
|
<pre> |
|
1. Get http://www.wwnet.net/~janc/software/mod_auth_external-2.1.13.tar.gz |
|
|
|
2. cd mod_auth_external/pwauth |
|
|
|
3. alter the config.h file line to match the UID of www |
|
#define SERVER_UIDS 500 /* user "www" */ |
|
|
|
4. |
|
If you have a /etc/pam.d directory, you need to create a file named |
|
"pwauth" inside it. To authenticate out of the Unix Shadow file |
|
under Redhat 6.x, the /etc/pam.d/pwauth file should look something like |
|
this: |
|
|
|
auth required /lib/security/pam_pwdb.so shadow nullok |
|
auth required /lib/security/pam_nologin.so |
|
account required /lib/security/pam_pwdb.so |
|
|
|
|
|
5. place pwauth in /usr/local/sbin/. (chmod 6755 /usr/local/sbin/pwauth) |
|
|
|
</body> |
|
</html> |
|
|