[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: remove auth routine



Worked Beautifully. Now you can use your third party authentication, just make sure there is a northstar user with matching username and the universal password specified and all is well.

wg


Hitesh Patel wrote:

On Wednesday 06 November 2002 14:31, William Groh wrote:

Does anybody have a code frag to have northstar login as admin
automatically?

Hmm.. maybe.. ;-)

I have a kerberos / ldap based auth system that sets group membership
etc, so I wanted to change the main subroutine to just login as admin
until I can figure out if we want NS to pass the apache user env var to
lookup from sql for acls or just have everyone use admin access..


Well.. there are two ways to do this. The current version (1.6.. which i'm assuming your using) does the following:

if the user is trying to logout then
logout user
else if the session id was acquired from a cookie
check the session id and set the username for the program then continue
else if the form vars 'username' and 'passwd' are present then
try to login the user and set the session cookie
else spit out the login page


You can basically short-circuit this by explicitly setting the username and password before the auth check and that will then always login the specified user and generate a session id. Then subsequent requests will use the set session id and continue.

There are a couple ways to explicitly set the username and password:

1. Set it the admin/adminpassword (no acl's.. yuck!!)
2. Set the username to the value of the REMOTE_USER environment variable set by apache when it does authentication. You then
need to set ALL passwords in NorthStar to the same value.. this
will get you per user ACL's, and as long as your apache auth
is secure things would work ok.

I would use option 2 however, I have attached diff's for using either option. If you use option 1 go into NorthStar.cgi AFTER applying the patch and edit line 84 to contain your admin password.

If you use option 2 edit line 88 (after applying the patch) to contain the password you chose to use for all the users.

I haven't tested these patches so you may have to make minor changes.. I'm pretty sure they will work though.

Let us know how things go.



------------------------------------------------------------------------

*** NorthStar.cgi.orig Wed Nov 6 19:12:50 2002
--- NorthStar.cgi Wed Nov 6 19:14:06 2002
***************
*** 80,85 ****
--- 80,88 ----
my($sid) = $cgi->cookie('NorthStarSID');
+ $form{'username'} = 'admin';
+ $form{'password'} = 'your_admin_password';
+ if($form{'r'} eq 'logout') {
my($c) = $cgi->cookie(-name => 'NorthStarSID',
-value => ''

------------------------------------------------------------------------

*** NorthStar.cgi.orig Wed Nov 6 19:15:57 2002
--- NorthStar.cgi Wed Nov 6 19:18:01 2002
***************
*** 80,85 ****
--- 80,92 ----
my($sid) = $cgi->cookie('NorthStarSID');
+ if($ENV{'REMOTE_USER'}) {
+ $form{'username'} = $ENV{'REMOTE_USER'};
+ } else {
+ ExitError("The authentication information was not found");
+ }
+ $form{'passwd'} = 'your_universal_password';
+ if($form{'r'} eq 'logout') {
my($c) = $cgi->cookie(-name => 'NorthStarSID',
-value => ''