File:
[LON-CAPA] /
doc /
build /
Attic /
loncapapasswordauthentication.html
Revision
1.6:
download - view:
text,
annotated -
select for diffs
Wed Feb 27 00:19:47 2002 UTC (22 years, 7 months ago) by
harris41
Branches:
MAIN
CVS tags:
version_1_0_3,
version_1_0_2,
version_1_0_1,
version_1_0_0,
version_0_99_5,
version_0_99_4,
version_0_99_3,
version_0_99_2,
version_0_99_1,
version_0_99_0,
version_0_6_2,
version_0_6,
version_0_5_1,
version_0_5,
version_0_4,
stable_2002_july,
stable_2002_april,
conference_2003,
STABLE,
HEAD
a newer pwauth was released by apache group and the instructions
need to be more detailed
<html>
<head>
<title>LON-CAPA Password authentication</title>
</head>
<body>
<h1>LON-CAPA Password authentication</h1>
<p>
Scott Harrison
</p>
<p>
Last updated: 09/30/2001
</p>
<p>
This file describes issues associated with authenticating
passwords on a LON-CAPA system.
</p>
<p>
I am just now adding information on how to configure a LON-CAPA
system to work with shadow passwords.
</p>
<h3>Latest HOWTO</h3>
<p>
The following section of perl code illustrates the
different ways passwords can be evaluated.
</p>
<p>
<pre>
my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
my $pwdcorrect=0;
if ($howpwd eq 'internal') {
$pwdcorrect=
(crypt($upass,$contentpwd) eq $contentpwd);
} elsif ($howpwd eq 'unix') {
$contentpwd=(getpwnam($uname))[1];
$pwdcorrect=
(crypt($upass,$contentpwd) eq $contentpwd);
} elsif ($howpwd eq 'krb4') {
$pwdcorrect=(
Authen::Krb4::get_pw_in_tkt($uname,"",
$contentpwd,'krbtgt',$contentpwd,1,
$upass) == 0);
}
if ($pwdcorrect) {
print $client "authorized\n";
} else {
print $client "non_authorized\n";
}
</pre>
</p>
<hr />
Making a LON-CAPA system work with shadow passwords (in five steps;
assuming that the linux system is configured for shadow passwords)
<pre>
1. Login as user=sysadm.
2. cd ~
3. mkdir install
4. cd install
5. wget http://www.wwnet.net/~janc/software/mod_auth_external-2.1.15.tar.gz
6. tar xzvf mod_auth_external-2.1.15.tar.gz
7. cd mod_auth_external/pwauth
8. alter the config.h file line to match the UID of www
#define SERVER_UIDS 500 /* user "www" */
9. make
10. sudo emacs -nw /etc/pam.d/pwauth
If you have a /etc/pam.d directory, you need to create a file named
"pwauth" inside it. To authenticate out of the Unix Shadow file
under Redhat 6.x, the /etc/pam.d/pwauth file should look something like
this:
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
11.
Place ~/mod_auth_external/pwauth/pwauth in /usr/local/sbin/ with
setuid permissions.
sudo cp /home/sysadm/install/mod_auth_external/pwauth/pwauth /usr/local/sbin/.
sudo chmod 6755 /usr/local/sbin/pwauth
</pre>
</body>
</html>
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>