RE: [cobalt-users] using the same passwords for everything
- Subject: RE: [cobalt-users] using the same passwords for everything
- From: BSmith@xxxxxxxxxxx
- Date: Thu Jan 16 06:09:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
-----Original Message-----
From: Josh Kuperman [mailto:josh@xxxxxxxxxxxxxxxxxx]
Subject: Re: [cobalt-users] using the same passwords for everything
>>I should have been clearer since the problem isn't really the password
>>mechanism, but what is supported by different programs on my RaQ
>>XTR. I assume PAM of some sort, but other than knowing the encrypted
>>passwds /etc/shadow are not encrypted by same kind of mechanism that
>>htpasswd uses by default, I've no idea. If I could make Apache use
>>that mechanism and just copy the entries from /etc/shadow for the
>>appropriate people it would suffice. I'm not even sure of the
>>appropriateness of the mechanism. I just want all my password
>>protected resources to use the same password for the same user. This
>>is a security issue because they are relatively unskilled users who
>>will use the same password for everything regardless. I'd rather have
>>one or two relatively secure files than have everything scattered all
>>over and of course if they had to use two passwords they would need to
>>write them down on a sticky note and put it on their computers (which
>>they will probably do anyhow)
For the htpasswd portion in your .htaccess why not point it to /etc/passwd?
Apache knows how to authenticate from there. Not the best thing to do, but
it does work just fine.
>>Squid and Apache use a different mechanism. Because of the nature of
>>the RaQ everything is basically a web resource. Most of the
>>suggestions really only make sense for networks of machines - which we
>>have but the RaQ isn't attached to them, it stands alone. [It is
>>attached to network but nobody using that network logs onto anything.]
Never worked with squid, but I can only assume the same thing should apply,
considering squid has been around for years. Did you look at their FAQs? I
am sure you can find what you're looking for there.
>>So is there a password management program so I can get it so that the
>>password created by the web interface for users on the RaQ is their
>>password for the other applications mentioned. The mechanisms that
>>WebMail use are sufficient.
Just anytime it requires a password file, point it to: /etc/passwd
If you do that, all the apps will share the same password. Not as hard as
everyone makes it out to be.
Here is some help ... For apache:
http://httpd.apache.org/docs/misc/FAQ.html#passwdauth
For Squid:
The Squid source code comes with a few authentication processes. These
include:
LDAP: Uses the Lightweight Directory Access Protocol
NCSA: Uses an NCSA-style username and password file.
MSNT: Uses a Windows NT authentication domain.
PAM: Uses the Linux Pluggable Authentication Modules scheme.
SMB: Uses a SMB server like Windows NT or Samba.
getpwnam: Uses the old-fashioned Unix password file.
In order to authenticate users, you need to compile and install one of the
supplied authentication modules, one of the others, or supply your own.
You tell Squid which authentication program to use with the
authenticate_program option in squid.conf. You specify the name of the
program, plus any command line options if necessary. For example:
authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd
So, as you see ... it can use PAM, which the Cobalt RaQ uses, you just need
to configure it.
Go to: http://www.squid-cache.org/ for more information.
Enjoy,
Brian
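
An added example, not part of the original message: a small Python check that reports what kind of value sits in the password field of each entry in a passwd- or htpasswd-style file, which is what decides whether a program pointed at that file has a hash to verify against. The sample entries, labels and function names are constructed for illustration.

```python
import re

# Constructed sample in passwd(5)/htpasswd layout; no real accounts or hashes.
SAMPLE = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:$1$abcdefgh$0123456789abcdefghijkl:501:501::/home/alice:/bin/bash\n"
    "bob:ab0123456789.:502:502::/home/bob:/bin/bash\n"
    "carol:$apr1$abcdefgh$0123456789abcdefghijkl\n"
    "dave:{SHA}" + "A" * 27 + "=\n"
    "eve:!!:504:504::/home/eve:/bin/false\n"
)

# Ordered (label, pattern) pairs matched against the second colon-separated field.
SCHEMES = [
    ("apr1-md5", re.compile(r"^\$apr1\$[^$]{1,8}\$[./0-9A-Za-z]{22}$")),
    ("md5-crypt", re.compile(r"^\$1\$[^$]{1,8}\$[./0-9A-Za-z]{22}$")),
    ("sha1-base64", re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$")),
    ("des-crypt", re.compile(r"^[./0-9A-Za-z]{13}$")),
]

def classify(field):
    """Return a label for one password field."""
    if field == "":
        return "empty"          # no password set at all
    if field == "x":
        return "shadowed"       # the real hash lives in /etc/shadow
    if field[0] in "!*":
        return "locked"         # account cannot log in with a password
    for label, pattern in SCHEMES:
        if pattern.match(field):
            return label
    return "unknown"

def audit(text):
    """Map each user name in the file text to the label of its password field."""
    report = {}
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            report["<line %d>" % number] = "malformed"
            continue
        report[parts[0]] = classify(parts[1])
    return report

def with_hash(report):
    """Users whose entry carries a recognisable hash in this file."""
    labels = {label for label, _ in SCHEMES}
    return sorted(user for user, kind in report.items() if kind in labels)

if __name__ == "__main__":
    for user, kind in audit(SAMPLE).items():
        print(user, kind)
```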