doc/build/loncapapasswordauthentication.html - view

Return to loncapapasswordauthentication.html CVS log

Up to [LON-CAPA] / doc / build

File: [LON-CAPA] / doc / build / Attic / loncapapasswordauthentication.html
Revision 1.5: download - view: text, annotated - select for diffs
Sun Sep 30 18:33:08 2001 UTC (23 years, 1 month ago) by harris41
Branches: MAIN
CVS tags: stable_2002_spring, stable_2001_fall, HEAD

adding setuid command to instructions

<html>
<head>
<title>LON-CAPA Password authentication</title>
</head>
<body>
<h1>LON-CAPA Password authentication</h1>
<p>
Scott Harrison
</p>
<p>
Last updated: 09/30/2001
</p>
<p>
This file describes issues associated with authenticating
passwords on a LON-CAPA system.
</p>
<p>
I am just now adding information on how to configure a LON-CAPA
system to work with shadow passwords.
</p>
<h3>Latest HOWTO</h3>
<p>
The following section of perl code illustrates the
different ways passwords can be evaluated.
</p>
<p>
<pre>
                          my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
                          my $pwdcorrect=0;
                          if ($howpwd eq 'internal') {
			      $pwdcorrect=
				  (crypt($upass,$contentpwd) eq $contentpwd);
                          } elsif ($howpwd eq 'unix') {
                              $contentpwd=(getpwnam($uname))[1];
                              $pwdcorrect=
                                  (crypt($upass,$contentpwd) eq $contentpwd);
                          } elsif ($howpwd eq 'krb4') {
                              $pwdcorrect=(
                                 Authen::Krb4::get_pw_in_tkt($uname,"",
                                        $contentpwd,'krbtgt',$contentpwd,1,
							     $upass) == 0);
                          }
                          if ($pwdcorrect) {
                             print $client "authorized\n";
                          } else {
                             print $client "non_authorized\n";
                          }  
</pre>
</p>
<hr />
Making a LON-CAPA system work with shadow passwords (in five steps;
assuming that the linux system is configured for shadow passwords)
<pre>
1. Get http://www.wwnet.net/~janc/software/mod_auth_external-2.1.13.tar.gz

2. cd mod_auth_external/pwauth

3. alter the config.h file line to match the UID of www
#define SERVER_UIDS 500         /* user "www" */

4.
      If you have a /etc/pam.d directory, you need to create a file named
      "pwauth" inside it.  To authenticate out of the Unix Shadow file
      under Redhat 6.x, the /etc/pam.d/pwauth file should look something like
      this:

        auth       required     /lib/security/pam_pwdb.so shadow nullok
        auth       required     /lib/security/pam_nologin.so
        account    required     /lib/security/pam_pwdb.so


5.  place pwauth in /usr/local/sbin/.  (chmod 6755 /usr/local/sbin/pwauth)

</body>
</html>

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>