Scott Harrison
Last updated: 09/30/2001
This file describes issues associated with authenticating passwords on a LON-CAPA system.
I am just now adding information on how to configure a LON-CAPA system to work with shadow passwords.
The following section of perl code illustrates the different ways passwords can be evaluated.
my ($howpwd,$contentpwd)=split(/:/,$realpasswd); my $pwdcorrect=0; if ($howpwd eq 'internal') { $pwdcorrect= (crypt($upass,$contentpwd) eq $contentpwd); } elsif ($howpwd eq 'unix') { $contentpwd=(getpwnam($uname))[1]; $pwdcorrect= (crypt($upass,$contentpwd) eq $contentpwd); } elsif ($howpwd eq 'krb4') { $pwdcorrect=( Authen::Krb4::get_pw_in_tkt($uname,"", $contentpwd,'krbtgt',$contentpwd,1, $upass) == 0); } if ($pwdcorrect) { print $client "authorized\n"; } else { print $client "non_authorized\n"; }
1. Login as user=sysadm. 2. cd ~ 3. mkdir install 4. cd install 5. wget http://www.wwnet.net/~janc/software/mod_auth_external-2.1.15.tar.gz 6. tar xzvf mod_auth_external-2.1.15.tar.gz 7. cd mod_auth_external/pwauth 8. alter the config.h file line to match the UID of www #define SERVER_UIDS 500 /* user "www" */ 9. make 10. sudo emacs -nw /etc/pam.d/pwauth If you have a /etc/pam.d directory, you need to create a file named "pwauth" inside it. To authenticate out of the Unix Shadow file under Redhat 6.x, the /etc/pam.d/pwauth file should look something like this: auth required /lib/security/pam_pwdb.so shadow nullok auth required /lib/security/pam_nologin.so account required /lib/security/pam_pwdb.so 11. Place ~/mod_auth_external/pwauth/pwauth in /usr/local/sbin/ with setuid permissions. sudo cp /home/sysadm/install/mod_auth_external/pwauth/pwauth /usr/local/sbin/. sudo chmod 6755 /usr/local/sbin/pwauth