--- doc/build/Attic/loncapapasswordauthentication.html	2001/02/10 17:07:47	1.1
+++ doc/build/Attic/loncapapasswordauthentication.html	2001/09/30 18:33:08	1.5
@@ -1,21 +1,76 @@
-<HTML>
-<HEAD>
-<TITLE>LON-CAPA Password authentication</TITLE>
-</HEAD>
-<BODY>
-<H1>LON-CAPA Password authentication</H1>
-<P>
+<html>
+<head>
+<title>LON-CAPA Password authentication</title>
+</head>
+<body>
+<h1>LON-CAPA Password authentication</h1>
+<p>
 Scott Harrison
-</P>
-<P>
-Last updated: 02/10/2001
-</P>
-<P>
+</p>
+<p>
+Last updated: 09/30/2001
+</p>
+<p>
 This file describes issues associated with authenticating
 passwords on a LON-CAPA system.
-</P>
-<H3>Latest HOWTO</H3>
-<P>
-</P>
-</BODY>
-</HTML>
+</p>
+<p>
+I am just now adding information on how to configure a LON-CAPA
+system to work with shadow passwords.
+</p>
+<h3>Latest HOWTO</h3>
+<p>
+The following section of perl code illustrates the
+different ways passwords can be evaluated.
+</p>
+<p>
+<pre>
+                          my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
+                          my $pwdcorrect=0;
+                          if ($howpwd eq 'internal') {
+			      $pwdcorrect=
+				  (crypt($upass,$contentpwd) eq $contentpwd);
+                          } elsif ($howpwd eq 'unix') {
+                              $contentpwd=(getpwnam($uname))[1];
+                              $pwdcorrect=
+                                  (crypt($upass,$contentpwd) eq $contentpwd);
+                          } elsif ($howpwd eq 'krb4') {
+                              $pwdcorrect=(
+                                 Authen::Krb4::get_pw_in_tkt($uname,"",
+                                        $contentpwd,'krbtgt',$contentpwd,1,
+							     $upass) == 0);
+                          }
+                          if ($pwdcorrect) {
+                             print $client "authorized\n";
+                          } else {
+                             print $client "non_authorized\n";
+                          }  
+</pre>
+</p>
+<hr />
+Making a LON-CAPA system work with shadow passwords (in five steps;
+assuming that the linux system is configured for shadow passwords)
+<pre>
+1. Get http://www.wwnet.net/~janc/software/mod_auth_external-2.1.13.tar.gz
+
+2. cd mod_auth_external/pwauth
+
+3. alter the config.h file line to match the UID of www
+#define SERVER_UIDS 500         /* user "www" */
+
+4.
+      If you have a /etc/pam.d directory, you need to create a file named
+      "pwauth" inside it.  To authenticate out of the Unix Shadow file
+      under Redhat 6.x, the /etc/pam.d/pwauth file should look something like
+      this:
+
+        auth       required     /lib/security/pam_pwdb.so shadow nullok
+        auth       required     /lib/security/pam_nologin.so
+        account    required     /lib/security/pam_pwdb.so
+
+
+5.  place pwauth in /usr/local/sbin/.  (chmod 6755 /usr/local/sbin/pwauth)
+
+</body>
+</html>
+