[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: remove auth routine
On Wednesday 06 November 2002 20:07, William Groh wrote:
> Worked Beautifully. Now you can use your third party authentication,
> just make sure there is a northstar user with matching username and the
> universal password specified and all is well.
>
Cool, maybe I should add API hooks for the authentication system so people can
write modules for authentication.. I will add it to the 1.8 feature list.
> wg
>
> Hitesh Patel wrote:
> >On Wednesday 06 November 2002 14:31, William Groh wrote:
> >>Does anybody have a code frag to have northstar login as admin
> >>automatically?
> >
> >Hmm.. maybe.. ;-)
> >
> >>I have a kerberos / ldap based auth system that sets group membership
> >>etc, so I wanted to change the main subroutine to just login as admin
> >>until I can figure out if we want NS to pass the apache user env var to
> >>lookup from sql for acls or just have everyone use admin access..
> >
> >Well.. there are two ways to do this. The current version (1.6.. which
> > i'm assuming your using) does the following:
> >
> >if the user is trying to logout then
> > logout user
> >else if the session id was acquired from a cookie
> > check the session id and set the username for the program then continue
> >else if the form vars 'username' and 'passwd' are present then
> > try to login the user and set the session cookie
> >else
> > spit out the login page
> >
> >
> >You can basically short-circuit this by explicitly setting the username
> > and password before the auth check and that will then always login the
> > specified user and generate a session id. Then subsequent requests will
> > use the set session id and continue.
> >
> >There are a couple ways to explicitly set the username and password:
> >
> > 1. Set it the admin/adminpassword (no acl's.. yuck!!)
> > 2. Set the username to the value of the REMOTE_USER environment
> > variable set by apache when it does authentication. You then
> > need to set ALL passwords in NorthStar to the same value.. this
> > will get you per user ACL's, and as long as your apache auth
> > is secure things would work ok.
> >
> >I would use option 2 however, I have attached diff's for using either
> > option. If you use option 1 go into NorthStar.cgi AFTER applying the
> > patch and edit line 84 to contain your admin password.
> >
> >If you use option 2 edit line 88 (after applying the patch) to contain the
> >password you chose to use for all the users.
> >
> >I haven't tested these patches so you may have to make minor changes.. I'm
> >pretty sure they will work though.
> >
> >Let us know how things go.
> >
> >
> >
> >
> >------------------------------------------------------------------------
> >
> >*** NorthStar.cgi.orig Wed Nov 6 19:12:50 2002
> >--- NorthStar.cgi Wed Nov 6 19:14:06 2002
> >***************
> >*** 80,85 ****
> >--- 80,88 ----
> >
> > my($sid) = $cgi->cookie('NorthStarSID');
> >
> >+ $form{'username'} = 'admin';
> >+ $form{'password'} = 'your_admin_password';
> >+
> > if($form{'r'} eq 'logout') {
> > my($c) = $cgi->cookie(-name => 'NorthStarSID',
> > -value => ''
> >
> >
> >------------------------------------------------------------------------
> >
> >*** NorthStar.cgi.orig Wed Nov 6 19:15:57 2002
> >--- NorthStar.cgi Wed Nov 6 19:18:01 2002
> >***************
> >*** 80,85 ****
> >--- 80,92 ----
> >
> > my($sid) = $cgi->cookie('NorthStarSID');
> >
> >+ if($ENV{'REMOTE_USER'}) {
> >+ $form{'username'} = $ENV{'REMOTE_USER'};
> >+ } else {
> >+ ExitError("The authentication information was not found");
> >+ }
> >+ $form{'passwd'} = 'your_universal_password';
> >+
> > if($form{'r'} eq 'logout') {
> > my($c) = $cgi->cookie(-name => 'NorthStarSID',
> > -value => ''
--
+---------------------------------+----------------------------+
| Hitesh Patel | Voice: (541) 759-3126 |
| Network Engineering Manager | Fax: (541) 759-3214 |
| Preferred Communications Inc. | Email: hitesh@pciwest.net |
+---------------------------------+----------------------------+