Re: remove auth routine

On Wednesday 06 November 2002 14:31, William Groh wrote:
> Does anybody have a code frag to have northstar login as admin
> automatically?

Hmm.. maybe.. ;-)
> I have a kerberos / ldap based auth system that sets group membership
> etc, so I wanted to change the main subroutine to just login as admin
> until I can figure out if we want NS to pass the apache user env var to
> lookup from sql for acls or just have everyone use admin access..

Well.. there are two ways to do this.  The current version (1.6.. which I'm 
assuming you're using) does the following:

if the user is trying to logout then
  logout user
else if the session id was acquired from a cookie
  check the session id and set the username for the program then continue
else if the form vars 'username' and 'passwd' are present then
  try to login the user and set the session cookie
  spit out the login page

You can basically short-circuit this by explicitly setting the username and 
password before the auth check and that will then always login the specified 
user and generate a session id.  Then subsequent requests will use the set 
session id and continue.

There are a couple ways to explicitly set the username and password:

 1.  Set it to the admin/adminpassword (no ACLs.. yuck!!)
 2.  Set the username to the value of the REMOTE_USER environment 
     variable set by apache when it does authentication.  You then
     need to set ALL passwords in NorthStar to the same value.. this
     will get you per-user ACLs, and as long as your apache auth
     is secure things would work ok.

I would use option 2; however, I have attached diffs for using either option.  
If you use option 1 go into NorthStar.cgi AFTER applying the patch and edit 
line 84 to contain your admin password.

If you use option 2 edit line 88 (after applying the patch) to contain the 
password you chose to use for all the users.

I haven't tested these patches so you may have to make minor changes.. I'm 
pretty sure they will work though.
Let us know how things go.

| Hitesh Patel                    |  Lead Developer            |
| hitesh@presys.com               |  NorthStar                 |
| NorthStar: http://www.brownkid.net/NorthStar/                |
| PGP Key:   http://www.brownkid.net/pgpkey.asc                |
*** NorthStar.cgi.orig	Wed Nov  6 19:12:50 2002
--- NorthStar.cgi	Wed Nov  6 19:14:06 2002
*** 80,85 ****
--- 80,88 ----
      my($sid) = $cgi->cookie('NorthStarSID');
+     $form{'username'} = 'admin';
+     $form{'password'} = 'your_admin_password';
      if($form{'r'} eq 'logout') {
          my($c) = $cgi->cookie(-name  => 'NorthStarSID',
                                -value => ''
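
Review bot: the second added line sets $form{'password'}, but the message describes the login branch as reading the form vars 'username' and 'passwd', and the option 2 patch sets $form{'passwd'}, so with this key the forced login is unlikely to find a password; change it to $form{'passwd'}. Both assignments also sit ahead of the if($form{'r'} eq 'logout') check and run on every request, so a logout clears the cookie and the very next request logs straight back in as admin. The admin password ends up in clear text in NorthStar.cgi, so the file needs permissions that keep it from other local users, and access to the script has to be restricted by the web server, since every requester gets admin with no ACLs.
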
*** NorthStar.cgi.orig	Wed Nov  6 19:15:57 2002
--- NorthStar.cgi	Wed Nov  6 19:18:01 2002
*** 80,85 ****
--- 80,92 ----
      my($sid) = $cgi->cookie('NorthStarSID');
+     if($ENV{'REMOTE_USER'}) {
+         $form{'username'} = $ENV{'REMOTE_USER'};
+     } else {
+         ExitError("The authentication information was not found");
+     }
+     $form{'passwd'} = 'your_universal_password';
      if($form{'r'} eq 'logout') {
          my($c) = $cgi->cookie(-name  => 'NorthStarSID',
                                -value => ''
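
Review bot: the $form{'passwd'} = 'your_universal_password' line makes one string in the CGI source the password for every NorthStar account, admin included, so the only real check left is Apache's. Make sure the Apache auth requirement covers every URL that reaches NorthStar.cgi, keep the file unreadable to other local users, and use a long random value rather than something memorable. The REMOTE_USER value is copied into $form{'username'} unchanged; confirm it matches the NorthStar account names exactly, because a non-empty value that matches no account goes on to the login attempt rather than the ExitError branch. As with option 1, the assignments run before the logout check on every request, so logging out only lasts until the next request.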