Forum OpenACS Q&A: using unix password file for authentication
Has anyone used password file authentication?
Any ideas on how to do it?
I only found an old thread: http://openacs.org/bboard/q-and-a-fetch-msg.tcl?msg_id=0002bP&topic_id=11&topic=OpenACS
but it didn't say much.
I did this on an old OpenACS 3.2.5 project. It's limited to a few specialized cases, ugly, and a potential security hole. You may want to check out LDAP authentication instead.
Here's how I did it anyway.
- Synch the unix password and the OACS password first.
- Modify the change password .tcl script in OACS. After changing the password in the database, call a shell script that changes the user's unix password.
- Don't allow unix users to change their password from the shell or from some other utility. Have them modify their password through OACS.
We modified the login process to call a custom proc that opened a socket to port 110 on the Tru64 box and sent the username and password. If the pop daemon responds with either a "+OK" or a "-ERR Could not lock" then we know the password is good; otherwise it isn't. If it is, we call ad_user_login $user_id to log them in.
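
The POP3 check described in the last post, as an added Tcl example (not the poster's code). The proc names `pop3_password_ok` and `pop3_reply` are hypothetical, the host is supplied by the caller, and the example assumes the POP3 server sits on a trusted network segment, since USER/PASS cross the wire unencrypted on port 110.

```tcl
# Read one reply line from the POP3 server, without a trailing CR.
proc pop3_reply {sock} {
    if {[gets $sock line] < 0} {
        error "POP3 server closed the connection"
    }
    return [string trimright $line "\r"]
}

# Return 1 if the POP3 daemon accepts username/password, 0 otherwise.
proc pop3_password_ok {host username password {port 110}} {
    # Reject empty values, control characters (CR/LF included) and
    # whitespace in the username, so form input cannot smuggle extra
    # POP3 commands into the session.
    if {$username eq "" || $password eq ""
        || [regexp {[[:cntrl:]]} "$username$password"]
        || [regexp {\s} $username]} {
        return 0
    }
    set ok 0
    if {[catch {
        set sock [socket $host $port]
        fconfigure $sock -translation {auto crlf} -buffering line
        # Server greeting, then USER, then PASS; stop at the first refusal.
        if {[string match "+OK*" [pop3_reply $sock]]} {
            puts $sock "USER $username"
            if {[string match "+OK*" [pop3_reply $sock]]} {
                puts $sock "PASS $password"
                set reply [pop3_reply $sock]
                # "+OK" means logged in; "-ERR Could not lock" means the
                # password was accepted but another session holds the mailbox.
                if {[string match "+OK*" $reply]
                    || [string match "-ERR Could not lock*" $reply]} {
                    set ok 1
                }
            }
        }
        puts $sock "QUIT"
    } err]} {
        set ok 0 ;# any network or protocol error fails closed
    }
    catch {close $sock}
    return $ok
}

# In the login page, after looking up user_id for the submitted username:
#   if {[pop3_password_ok $pop_host $username $password]} {
#       ad_user_login $user_id
#   }
```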