Forum OpenACS Q&A: using unix password file for authentication

Hi,

Has anyone used password file authentication?
Any ideas on how to do it?

I only found an old thread: https://openacs.org/bboard/q-and-a-fetch-msg.tcl?msg_id=0002bP&topic_id=11&topic=OpenACS
but it didn't say much.

Posted by Radam Batnag on

I did this on an old OpenACS 3.2.5 project. It's limited to a few specialized cases, ugly, and a potential security hole. You may want to check out LDAP authentication instead.

Here's how I did it anyway.

  1. Synch the unix password and the OACS password first.
  2. Modify the change password .tcl script in OACS. After changing the password in the database, call a shell script that changes the user unix password.
  3. Don't allow unix users to change their password from the shell or from some other utility. Have them modify their password through OACS.

For our company's Intranet, we did a variation on this theme. Every employee has a login to a dual-alpha Tru64 Unix box that, among other things, provides pop3 service.

We modified the login process to call a custom proc that opened a socket to port 110 on the Tru64 box and sent the username and password. If the pop daemon responds with either a "+OK" or a "-ERR Could not lock" then we know the password is good; otherwise it isn't. If it is, we call ad_user_login $user_id to log them in.
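
The POP3 check described in the post above, sketched in Tcl as an added example; it is not the poster's code. The proc names, the `pop.example.com` host and the timeout are assumptions. It rejects CR/LF in the submitted values, applies the post's reply rule, and fails closed on any error or timeout.

```tcl
# Added example; proc names, the host argument and the timeout are assumptions.

# A CR or LF inside a value would inject extra POP3 commands, so reject it.
proc pop3_arg_is_safe {value} {
    return [expr {$value ne "" && ![regexp {[\r\n]} $value]}]
}

# Rule from the post: "+OK" or "-ERR Could not lock" after PASS means valid.
proc pop3_reply_means_valid {line} {
    set line [string trim $line]
    return [expr {[string match "+OK*" $line] ||
                  [string match "-ERR Could not lock*" $line]}]
}

# Poll a non-blocking socket for one line; error out once the deadline passes.
proc pop3_read_line {sock deadline} {
    while {[clock clicks -milliseconds] < $deadline} {
        if {[gets $sock line] >= 0} { return $line }
        if {[eof $sock]} { error "POP3 server closed the connection" }
        after 50
    }
    error "POP3 server did not answer in time"
}

# Returns 1 only when the server accepts the password; any error fails closed.
# USER and PASS travel in cleartext on port 110.
proc pop3_password_ok {host user password {timeout_ms 5000}} {
    if {![pop3_arg_is_safe $user] || ![pop3_arg_is_safe $password]} { return 0 }
    if {[catch {socket $host 110} sock]} { return 0 }
    set deadline [expr {[clock clicks -milliseconds] + $timeout_ms}]
    fconfigure $sock -blocking 0 -buffering line -translation crlf
    set ok 0
    if {[catch {
        if {![string match "+OK*" [pop3_read_line $sock $deadline]]} { error "bad greeting" }
        puts $sock "USER $user"
        if {[string match "+OK*" [pop3_read_line $sock $deadline]]} {
            puts $sock "PASS $password"
            set ok [pop3_reply_means_valid [pop3_read_line $sock $deadline]]
        }
        catch {puts $sock "QUIT"}
    }]} { set ok 0 }
    catch {close $sock}
    return $ok
}

# In the login proc, after looking up user_id for the submitted username:
#   if {[pop3_password_ok pop.example.com $username $password]} { ad_user_login $user_id }
```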