Forum OpenACS Q&A: using unix password file for authentication

1: using unix password file for authentication

Posted by Rafael Calvo on 07/24/02 12:51 AM

Hi,

Has anyone used the a password file authentication??.
Any ideas on how to do it?

I only found an old thread: https://openacs.org/bboard/q-and-a-fetch-msg.tcl?msg_id=0002bP&topic_id=11&topic=OpenACS
but didn't say much.

2: Response to using unix password file for authentication (response to 1)

Posted by Radam Batnag on 07/25/02 04:48 PM

I did this on an old OpenACS 3.2.5 project. It's limited to a few specialized cases, ugly, and a potential security hole. You may want to check out LDAP authentication instead.

Here's how I did it anyway.

Synch the unix password and the OACS password first.
Modify the change password .tcl script in OACS. After changing the password in the database, call a shell script that changes the user unix password.
Don't allow unix users to change their password from the shell or from some other utility. Have them modify their password through OACS.

3: Response to using unix password file for authentication (response to 1)

Posted by Michael A. Cleverly on 09/04/02 08:44 AM

For our companies Intranet, we did a variation on this theme. Every employee has a login to a dual-alpha Tru64 Unix box that, among other things, provides pop3 service.

We modified the login process to call a custom proc that opened a socket to the port 110 on the Tru64 box and sent the username and password. If the pop daemon respons with either a "+OK" or a "-ERR Could not lock" then we know the password is good; otherwise it isn't. If it is we call ad_user_login $user_id to log them in.