External Authentication Module, NWAuth

This module is the default module that most NetWin Ltd products use. It uses a simple text file where all the users' information is stored. All passwords are encoded using 'crypt'.

Installing and Setup

This fully usable example external authentication module comes in most distribution sets that support external authentication. If you do not have a build and/or require the latest source code, it can be downloaded from one of the links below:

Source: nwauth_40g_source.zip
Windows nwauth_4.0i_windows.zip 60k
Linux (Libc6) nwauth30a_linuxlibc6.tar.Z 48k

Building From Source:

If you are building NWAuth from the source you will need a C compiler, either cc or gcc. The build command line would be:

gcc -o nwauth -g -w -Dunix nwauth.c -lc

Note: if you get crypt errors you may need to add -lcrypt to the end of the line (e.g. on RedHat6 and above).

Command Line Options:

-path Tells NWAuth where to create its logfile and where to find its config file.
-debug Sets the logging level to debug.
-log Turns on logging to nwauth.log.
-logpass Testing option, logs the full command as given (includes password!)
-readonly Use on slaves that don't need to update files.
-encrypt user/all  
-generate n Creates accounts test0..testn, each with the password test.
-size x Sets max size of nwauth.add.
-sleep x y Testing option, sleep for y seconds first and every xth response
drop_path <hash> <base> Testing option, give drop path using DPOP hashing, hash=0,1,2, base is common drop path
-badchar <string> Overrides default bad character list with the string
-badchar_localpart <string> Overrides default localpart (before the @) bad character list with the string
-allowats Disables check for more than one '@' symbol in username
-allowhighascii Disables check for high and low ascii in username

NWAuth Notes

  • NWAuth is case insensitive for usernames. To avoid using up users on your license with, for example, three bobs (bob, BOB and Bob), you should probably set lowercase_username true. This also means that you cannot end up with mixed case drop files and bin files on UNIX platforms, so it is well worth doing.
  • Version 2 and above of NWAuth add users to an intermediate user file, nwauth.add. When this file reaches 3kBytes, the entries
    in it are added to nwauth.txt. This makes user addition much faster on large user databases.
  • NWAuth and NFS drives: important information for those using NFS drives.
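
The username checks that -badchar, -badchar_localpart, -allowats and -allowhighascii control, together with the lowercasing recommended in the first note, shown as an added example in C (this is not NWAuth's own code). The bad character lists, the return codes and the helper name normalize_username are assumptions, since this page does not give NWAuth's defaults.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed lists: the page does not give NWAuth's default bad characters. */
#define BAD_ASSUMED       " \t\r\n:/\\\"'"
#define BAD_LOCAL_ASSUMED "%!"

enum { USER_OK, USER_EMPTY, USER_MULTI_AT, USER_ASCII, USER_BADCHAR, USER_BADLOCAL };

/* Hypothetical helper: checks `user`, then lowercases it in place. */
int normalize_username(char *user, const char *bad, const char *bad_local,
                       int allow_ats, int allow_highascii)
{
    char *at = strchr(user, '@');
    size_t local_len = at ? (size_t)(at - user) : strlen(user);
    size_t i;

    if (user[0] == '\0') return USER_EMPTY;
    /* More than one '@' (the check -allowats disables). */
    if (!allow_ats && at && strchr(at + 1, '@')) return USER_MULTI_AT;
    for (i = 0; user[i]; i++) {
        unsigned char c = (unsigned char)user[i];
        /* High and low ASCII (the check -allowhighascii disables). */
        if (!allow_highascii && (c < 0x20 || c >= 0x7f)) return USER_ASCII;
        /* Bad lists still apply, so CR/LF stay rejected either way
           (assumes the user file holds one record per line). */
        if (strchr(bad, c)) return USER_BADCHAR;
        if (i < local_len && strchr(bad_local, c)) return USER_BADLOCAL;
    }
    for (i = 0; user[i]; i++)   /* bob, BOB and Bob become one account */
        user[i] = (char)tolower((unsigned char)user[i]);
    return USER_OK;
}

int main(void)
{
    /* Constructed sample names, not taken from a real user file. */
    char names[][24] = { "Bob@Example.COM", "bob@a@b", "bob\nmallory", "bo%b@host" };
    size_t n;
    for (n = 0; n < sizeof names / sizeof names[0]; n++) {
        int rc = normalize_username(names[n], BAD_ASSUMED, BAD_LOCAL_ASSUMED, 0, 0);
        printf("rc=%d name=%s\n", rc, rc == USER_OK ? names[n] : "(rejected)");
    }
    return 0;
}
```
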

See the Performance Page for information about NWAuth's efficiency with 100,000 users.

Error recovery - recover lost users.

In the event of losing some users from the database for any unknown reason (deleting a file manually, etc.), you can rebuild the user database from the journal entries it keeps, like this:

# First copy nwauth.* files

mkdir backup

copy nwauth.* backup

# Then use this command to get a list of changes it will make:

nwauth -path . -test

# Then run it with -fix to actually add the missing users:

nwauth -path . -fix

Supported Commands

The commands below are the commands that this module supports. For a full description of each command, see Authentication Protocol.

Command Parameters
check <user> <pass>
lookup <user>
set <user> <pass>|(NULL) [label="value"]
del <user>
search <string> [-from n] [-max m]