Annotation of doc/build/loncapapasswordauthentication.html, revision 1.6
1.4 harris41 1: <html>
2: <head>
3: <title>LON-CAPA Password authentication</title>
4: </head>
5: <body>
6: <h1>LON-CAPA Password authentication</h1>
7: <p>
1.1 harris41 8: Scott Harrison
1.4 harris41 9: </p>
10: <p>
11: Last updated: 09/30/2001
12: </p>
13: <p>
1.1 harris41 14: This file describes issues associated with authenticating
15: passwords on a LON-CAPA system.
1.4 harris41 16: </p>
17: <p>
18: I am just now adding information on how to configure a LON-CAPA
19: system to work with shadow passwords.
20: </p>
21: <h3>Latest HOWTO</h3>
22: <p>
1.2 harris41 23: The following section of perl code illustrates the
24: different ways passwords can be evaluated.
1.4 harris41 25: </p>
26: <p>
27: <pre>
1.2 harris41 28: my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
29: my $pwdcorrect=0;
30: if ($howpwd eq 'internal') {
31: $pwdcorrect=
32: (crypt($upass,$contentpwd) eq $contentpwd);
33: } elsif ($howpwd eq 'unix') {
34: $contentpwd=(getpwnam($uname))[1];
35: $pwdcorrect=
36: (crypt($upass,$contentpwd) eq $contentpwd);
37: } elsif ($howpwd eq 'krb4') {
38: $pwdcorrect=(
39: Authen::Krb4::get_pw_in_tkt($uname,"",
40: $contentpwd,'krbtgt',$contentpwd,1,
41: $upass) == 0);
42: }
43: if ($pwdcorrect) {
44: print $client "authorized\n";
45: } else {
46: print $client "non_authorized\n";
47: }
1.4 harris41 48: </pre>
49: </p>
50: <hr />
51: Making a LON-CAPA system work with shadow passwords (in five steps;
52: assuming that the linux system is configured for shadow passwords)
53: <pre>
1.6 ! harris41 54: 1. Login as user=sysadm.
! 55: 2. cd ~
! 56: 3. mkdir install
! 57: 4. cd install
! 58: 5. wget http://www.wwnet.net/~janc/software/mod_auth_external-2.1.15.tar.gz
! 59: 6. tar xzvf mod_auth_external-2.1.15.tar.gz
! 60: 7. cd mod_auth_external/pwauth
! 61: 8. alter the config.h file line to match the UID of www
1.4 harris41 62: #define SERVER_UIDS 500 /* user "www" */
1.6 ! harris41 63: 9. make
! 64: 10. sudo emacs -nw /etc/pam.d/pwauth
1.4 harris41 65: If you have a /etc/pam.d directory, you need to create a file named
66: "pwauth" inside it. To authenticate out of the Unix Shadow file
67: under Redhat 6.x, the /etc/pam.d/pwauth file should look something like
68: this:
69:
70: auth required /lib/security/pam_pwdb.so shadow nullok
71: auth required /lib/security/pam_nologin.so
72: account required /lib/security/pam_pwdb.so
1.6 ! harris41 73: 11.
! 74: Place ~/mod_auth_external/pwauth/pwauth in /usr/local/sbin/ with
! 75: setuid permissions.
! 76: sudo cp /home/sysadm/install/mod_auth_external/pwauth/pwauth /usr/local/sbin/.
! 77: sudo chmod 6755 /usr/local/sbin/pwauth
! 78: </pre>
1.4 harris41 79: </body>
80: </html>
1.2 harris41 81:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to loncapapasswordauthentication.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / doc / build