Scott Harrison
Last updated: 02/10/2001
This file describes issues associated with managing user passwords on a LON-CAPA system.
There are three main topics when considering user passwords: authentication, accessing the file system, and web-based access.
Authentication is covered in a separate document. I will briefly mention that LON-CAPA supports different kinds of authentication that can be customized for use within different institutional computing environments. Authentication, whether it be related to web-based access, or accessing the file system, is strictly the job of library servers, not access servers.
Web-based access is initiated through a javascript encrypted protocol. The server enables access to LON-CAPA from the client IP address until the user logs out, or time expires without any action made by the user on the web pages. Web-based access is something which is implemented for the full range of users--from students to course administrators to content developers. LON-CAPA relies upon the /home/httpd/lonUsers/ directories to store information about password authentication for the users of a given system.
Something which is not implemented for the full range of users, but which is reserved for content developers, is file system access. LON-CAPA provides for a wide range of file system access including SSH, Samba (Windows Network Neighborhood), Appleshares, an FTP. Three files are involved with coordinating file system access: /etc/group, /etc/smbpasswd, and /etc/passwd.
Correctly handling the contents of /home/httpd/lonUsers directories, and the /etc/group, /etc/smbpasswd, and /etc/passwd files is of critical importance to ensure uninterrupted access to the LON-CAPA network.
This document will be developed further.