--- doc/build/Attic/loncapapasswordauthentication.html 2001/02/10 17:07:47 1.1 +++ doc/build/Attic/loncapapasswordauthentication.html 2001/09/30 18:32:10 1.4 @@ -1,21 +1,76 @@ - -
-+ +
+Scott Harrison -
--Last updated: 02/10/2001 -
-+
++Last updated: 09/30/2001 +
+This file describes issues associated with authenticating passwords on a LON-CAPA system. -
--
- - + ++I am just now adding information on how to configure a LON-CAPA +system to work with shadow passwords. +
++The following section of perl code illustrates the +different ways passwords can be evaluated. +
++
+ my ($howpwd,$contentpwd)=split(/:/,$realpasswd); + my $pwdcorrect=0; + if ($howpwd eq 'internal') { + $pwdcorrect= + (crypt($upass,$contentpwd) eq $contentpwd); + } elsif ($howpwd eq 'unix') { + $contentpwd=(getpwnam($uname))[1]; + $pwdcorrect= + (crypt($upass,$contentpwd) eq $contentpwd); + } elsif ($howpwd eq 'krb4') { + $pwdcorrect=( + Authen::Krb4::get_pw_in_tkt($uname,"", + $contentpwd,'krbtgt',$contentpwd,1, + $upass) == 0); + } + if ($pwdcorrect) { + print $client "authorized\n"; + } else { + print $client "non_authorized\n"; + } ++ +
+1. Get http://www.wwnet.net/~janc/software/mod_auth_external-2.1.13.tar.gz + +2. cd mod_auth_external/pwauth + +3. alter the config.h file line to match the UID of www +#define SERVER_UIDS 500 /* user "www" */ + +4. + If you have a /etc/pam.d directory, you need to create a file named + "pwauth" inside it. To authenticate out of the Unix Shadow file + under Redhat 6.x, the /etc/pam.d/pwauth file should look something like + this: + + auth required /lib/security/pam_pwdb.so shadow nullok + auth required /lib/security/pam_nologin.so + account required /lib/security/pam_pwdb.so + + +5. place pwauth in /usr/local/sbin/. + + + +