Scott Harrison
Last updated: 09/30/2001
This file describes issues associated with authenticating passwords on a LON-CAPA system.
I am just now adding information on how to configure a LON-CAPA system to work with shadow passwords.
The following section of perl code illustrates the different ways passwords can be evaluated.
my ($howpwd,$contentpwd)=split(/:/,$realpasswd);
my $pwdcorrect=0;
if ($howpwd eq 'internal') {
$pwdcorrect=
(crypt($upass,$contentpwd) eq $contentpwd);
} elsif ($howpwd eq 'unix') {
$contentpwd=(getpwnam($uname))[1];
$pwdcorrect=
(crypt($upass,$contentpwd) eq $contentpwd);
} elsif ($howpwd eq 'krb4') {
$pwdcorrect=(
Authen::Krb4::get_pw_in_tkt($uname,"",
$contentpwd,'krbtgt',$contentpwd,1,
$upass) == 0);
}
if ($pwdcorrect) {
print $client "authorized\n";
} else {
print $client "non_authorized\n";
}
1. Get http://www.wwnet.net/~janc/software/mod_auth_external-2.1.13.tar.gz
2. cd mod_auth_external/pwauth
3. alter the config.h file line to match the UID of www
#define SERVER_UIDS 500 /* user "www" */
4.
If you have a /etc/pam.d directory, you need to create a file named
"pwauth" inside it. To authenticate out of the Unix Shadow file
under Redhat 6.x, the /etc/pam.d/pwauth file should look something like
this:
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
5. place pwauth in /usr/local/sbin/. (chmod 6755 /usr/local/sbin/pwauth)