File:
[LON-CAPA] /
doc /
build /
Attic /
loncapapasswordauthentication.html
Revision
1.6:
download - view:
text,
annotated -
select for diffs
Wed Feb 27 00:19:47 2002 UTC (22 years, 6 months ago) by
harris41
Branches:
MAIN
CVS tags:
version_1_0_3,
version_1_0_2,
version_1_0_1,
version_1_0_0,
version_0_99_5,
version_0_99_4,
version_0_99_3,
version_0_99_2,
version_0_99_1,
version_0_99_0,
version_0_6_2,
version_0_6,
version_0_5_1,
version_0_5,
version_0_4,
stable_2002_july,
stable_2002_april,
conference_2003,
STABLE,
HEAD
a newer pwauth was released by apache group and the instructions
need to be more detailed
1: <html>
2: <head>
3: <title>LON-CAPA Password authentication</title>
4: </head>
5: <body>
6: <h1>LON-CAPA Password authentication</h1>
7: <p>
8: Scott Harrison
9: </p>
10: <p>
11: Last updated: 09/30/2001
12: </p>
13: <p>
14: This file describes issues associated with authenticating
15: passwords on a LON-CAPA system.
16: </p>
17: <p>
18: I am just now adding information on how to configure a LON-CAPA
19: system to work with shadow passwords.
20: </p>
21: <h3>Latest HOWTO</h3>
22: <p>
23: The following section of perl code illustrates the
24: different ways passwords can be evaluated.
25: </p>
26: <p>
27: <pre>
28: my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
29: my $pwdcorrect=0;
30: if ($howpwd eq 'internal') {
31: $pwdcorrect=
32: (crypt($upass,$contentpwd) eq $contentpwd);
33: } elsif ($howpwd eq 'unix') {
34: $contentpwd=(getpwnam($uname))[1];
35: $pwdcorrect=
36: (crypt($upass,$contentpwd) eq $contentpwd);
37: } elsif ($howpwd eq 'krb4') {
38: $pwdcorrect=(
39: Authen::Krb4::get_pw_in_tkt($uname,"",
40: $contentpwd,'krbtgt',$contentpwd,1,
41: $upass) == 0);
42: }
43: if ($pwdcorrect) {
44: print $client "authorized\n";
45: } else {
46: print $client "non_authorized\n";
47: }
48: </pre>
49: </p>
50: <hr />
51: Making a LON-CAPA system work with shadow passwords (in five steps;
52: assuming that the linux system is configured for shadow passwords)
53: <pre>
54: 1. Login as user=sysadm.
55: 2. cd ~
56: 3. mkdir install
57: 4. cd install
58: 5. wget http://www.wwnet.net/~janc/software/mod_auth_external-2.1.15.tar.gz
59: 6. tar xzvf mod_auth_external-2.1.15.tar.gz
60: 7. cd mod_auth_external/pwauth
61: 8. alter the config.h file line to match the UID of www
62: #define SERVER_UIDS 500 /* user "www" */
63: 9. make
64: 10. sudo emacs -nw /etc/pam.d/pwauth
65: If you have a /etc/pam.d directory, you need to create a file named
66: "pwauth" inside it. To authenticate out of the Unix Shadow file
67: under Redhat 6.x, the /etc/pam.d/pwauth file should look something like
68: this:
69:
70: auth required /lib/security/pam_pwdb.so shadow nullok
71: auth required /lib/security/pam_nologin.so
72: account required /lib/security/pam_pwdb.so
73: 11.
74: Place ~/mod_auth_external/pwauth/pwauth in /usr/local/sbin/ with
75: setuid permissions.
76: sudo cp /home/sysadm/install/mod_auth_external/pwauth/pwauth /usr/local/sbin/.
77: sudo chmod 6755 /usr/local/sbin/pwauth
78: </pre>
79: </body>
80: </html>
81:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>