Authentication Module, TCPAuth

TCPAuth is a server process which runs authent modules and provides a TCPIP port interface to its client External Authentication Module.

TCPAuth has two parts:

  1. TCPAuthsvr - the TCPIP server, which runs your authentication module and hence provides TCPIP access to your database.
  2. TCPAuth - the client to the TCPAuth Server. It is an authentication module which talks to TCPAuthsvr, but in other ways behaves just like a normal NetWin authent module.

Because the client and server communicate via TCPIP, TCPAuth may be a good option for systems where a cluster of servers needs access to the authentication module, e.g. the SurgeMail server, DSMTP, DPOP and IMAPD, or where you are running the NetAuth product on a web server on a separate box.

By using the TCPAuth Server, transitory processes like IMAPD, which is spawned for each connection, can authenticate quickly, even if your authent module itself takes several seconds to start.

This module is available for both Windows and UNIX platforms, so it also has the great advantage that you can run the server on one platform (where your database is located) and the client on another platform.


Installing and Setup

Some applications come with TCPAuth already built. If you do not have a build and/or require the latest code, it can be downloaded from one of the links below:

TCPAuth Client

Source: Not Available
Windows tcpauth_12a.exe 236k
Linux tcpauth10d_linux.tar.Z 215k
FreeBSD tcpauth_11e_freebsd.tar.Z 209k
Solaris tcpauth_11e_solaris.tar.Z 329k

TCPAuth Server

Source: Not Available  
Windows tcpauthsvr_12a.exe 364k
FreeBSD tcpauthsvr_10d_freebsd4.tar.Z 140k

 

Once downloaded, install it by running:

./tcpauthsvr -install

You will probably need to modify /etc/tcpauthsvr.conf (or c:\winnt\system32\tcpauthsvr.conf ) in order to make it run your real authent module, eg:

authent_process /usr/local/surgemail/your_module_name

Next, configure the tcpauth client for use in SurgeMail, SurgeFTP, DBabble or any other NetWin product that supports the authent protocol. The setting will look something like this (the setting name may vary from product to product):

g_authent_process "/usr/local/surgemail/tcpauth -host 1.2.3.4"

The -host option specifies the IP address of the tcpauth server machine.

Secure TCPIP connection

TCPAuth Server and Client automatically encrypt communication between themselves if they are on the same machine.

If you are running the client on a different machine, you must copy a file from the server machine to the machine running the client. The file you will need to copy is,
on Windows:

c:\winnt\system32\xlate.dat

on UNIX:

/etc/xlate.dat

and you need to place it in one of those two locations (whichever is relevant for the Operating System) on the machine running the TCPAuth client. The file can be transferred in ASCII mode between NT and UNIX boxes. You may need to overwrite the file which you find there.

Windows Users Gotcha! TCPAuth Server Runs as System...

Note these three important things on Windows NT and Windows 2000. The TCPAuth Server:

1. Will be running as a Service.

2. Will also be set to run as the 'system account'.

3. Defaults to c:\winnt\system32 as the 'home directory' for any authent module which it runs.

So, you will need to ensure that your authentication module can find its configuration file if it has one, and that it can run as the 'system account' user.

You can set the TCPAuth Server to run as another user account, e.g. where it needs to access a shared network drive, but this is not recommended unless you need to.

Here are some specific details for some authentication modules...

NWAuth:

You may need to use the command line option, -path, in order to ensure that it can find the correct working directory. If so, set in c:\winnt\system32\tcpauthsvr.conf,

c:\surgemail\nwauth.exe -path c:\surgemail

and restart the TCPAuth server. This will ensure that NWAuth finds, for example, one of its user database files, c:\surgemail\nwauth.txt .

ODBCAuth:

ODBCAuth requires you to have set up an ODBC data source (see the icon in your system control panel). In order to allow the 'system account' to access this file, you must create the data source as a 'System Data Source' rather than as the default, 'User Data Source'.

Also, you should ensure that your odbcauth.ini file is located at,

c:\winnt\system32\odbcauth.ini

rather than,

c:\surgemail\odbcauth.ini

 

Configuration Options:

Once installed, TCPAuth creates a file called /etc/tcpauthsvr.conf (or c:\winnt\system32\tcpauthsvr.conf ) to configure its options. The available options are:

Setting | Default | Function
authent_number | 1 | Specifies the number of instances of the authentication module which the TCPAuth server should run. We recommend 3 or 4. NB: If you set it higher than 10 the server will not run.
authent_process | (none, which means that NWAuth is the database) | Allows you to specify an authentication module to be run as the database 'backend' rather than NWAuth.
log_dir | (homedirectory) | Allows you to specify a directory for the tcpauthsvr.log file other than c:\winnt\system32 or /usr/local/surgemail
debug | false | If set, the log file will contain debug level (detailed) information.
secret_file | c:\winnt\system32\xlate.dat or /etc/xlate.dat | Allows you to specify a non-standard secret file for encrypting the TCPIP sessions. Both the server and the client must be using a copy of the same file.
port | 601 | Specifies an alternate port if port 601 is not available. Run clients using: tcpauth -host xxx:9000
nwauth_path | d:\surgemail | Specifies the place to find the NWAuth database
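
A lint pass over tcpauthsvr.conf against the options above, as an added example rather than NetWin code: it flags setting names not in the list, an authent_number outside 1 to 10, a non-default port that clients must be told about, and a secret file accessible beyond its owner. The 'setting value' line syntax with '#' comments, the UNIX default path and permission check, and the function names are assumptions.

```python
import os
import stat

KNOWN = {"authent_number", "authent_process", "log_dir", "debug",
         "secret_file", "port", "nwauth_path"}  # settings from the table above
DEFAULT_PORT = 601
MAX_INSTANCES = 10  # documented: above 10 the server will not run

def parse_conf(text):
    """Parse 'setting value' lines; blank and '#' lines are skipped (assumed syntax)."""
    conf = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            key, value = (line.split(None, 1) + [""])[:2]
            conf[key.lower()] = value
    return conf

def audit(conf, secret_mode=None):
    """Return findings; secret_mode overrides the stat() of secret_file (for testing)."""
    findings = [f"{k}: not a documented setting" for k in sorted(set(conf) - KNOWN)]
    n = conf.get("authent_number", "1")
    if not n.isdecimal() or not 1 <= int(n) <= MAX_INSTANCES:
        findings.append("authent_number: must be an integer from 1 to 10")
    port = conf.get("port", str(DEFAULT_PORT))
    if not port.isdecimal() or not 1 <= int(port) <= 65535:
        findings.append("port: not a valid TCP port")
    elif int(port) != DEFAULT_PORT:
        findings.append(f"port: clients need -host <ip>:{port}")
    secret = conf.get("secret_file", "/etc/xlate.dat")  # UNIX default assumed
    if secret_mode is None:
        try:
            secret_mode = os.stat(secret).st_mode
        except OSError:
            findings.append(f"secret_file: {secret} is missing or unreadable")
    if secret_mode is not None and secret_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"secret_file: {secret} is accessible to group/other")
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = """\
authent_process /usr/local/surgemail/your_module_name
authent_number 12
port 9000
debgu true
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_conf(SAMPLE))))
```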

 

Un-installing TCPAuth

If you need to un-install the TCPAuth server, simply run the server with the -uninstall option, eg:

cd c:\surgemail
tcpauthsvr -uninstall


Supported Commands

The commands below are the commands that this module supports. For a full description of each command, see Authentication Protocol.

Command Parameters
check <user> <pass>
lookup <user>
set <user> <pass>|(NULL) [label="value"]
del <user>
search <string> [-from n] [-max m]
version
verbose
help
quit
exit