UNIXAuth - External Authentication Module for UNIX password file

NB: This authentication module is currently in beta form only!

UNIXAuth is an external authentication program. It uses Netwin's External Authentication Protocol. Documentation on this standard can be found in the User Administration section of this DMail Manual.

UNIXAuth accesses and writes to the UNIX operating system user database, i.e. the /etc/passwd file or shadow password file.

UNIXAuth has been designed to replace the 'unix_user' option of the authent_method dmail.conf setting. It allows DMail to run an external authentication module but still authenticate against /etc/passwd. It also allows our web admin tool NetAuth to be used to administer the users in the /etc/passwd file.

UNIXAuth uses the standard operating system user authentication calls (as the DMail servers do when authent_method is set to unix_user) to access /etc/passwd, so it works with whatever the system uses underneath, including shadow password files. Because it reads the shadow file and rewrites /etc/passwd, the process DMail spawns must run with root privileges.

To install unixauth, you need to set

authent_method external
authent_process /usr/local/dmail/unixauth
in your /etc/dmail.conf file and restart both DSMTP and DPOP.

We suggest that you edit the unixauth.ini file first and then test the module from the command line, running it as a user that can read the shadow file and write /etc/passwd (normally root). Note that the session below really modifies the user database: it adds a user called bob, then checks that he can be looked up and 'checked' (authenticated),

/usr/local/dmail/unixauth
set bob secret
lookup bob
check bob secret
quit

On this page ...

  1. Ini Settings.
  2. Error codes.
  3. Output.
  4. Download and History.



1. Ini settings

Although you can put the unixauth.ini file in the same directory as the unixauth executable (e.g. /usr/local/dmail), we recommend that you keep only one copy of the file on the machine, so that a stale copy is never the one picked up, and that you put it in the /etc/ directory as /etc/unixauth.ini.

An example unixauth.ini file is given at the end of this section.

The ini file allows you to specify any of the following settings...

path <path> Sets the directory in which unixauth looks for its ini file and creates its log file. For example, running "unixauth -path /var/log" makes it load /var/log/unixauth.ini; if that file itself contains a path setting, the log file is created in that directory instead.
log <level> Can be given as just "log", or with a level: "log debug" in the ini file or "-log debug" on the command line. The three valid levels are error, info and debug.
debug Runs unixauth with logging set to debug level. It is equivalent to "log debug" or "-log debug".
group <name> The group that newly created users are placed in. The group must already exist on the host the users are added to. It can be given as a name or, on Unix, as a numeric GID.
script_path <path> Directory holding the shell files: any shell setting must exist under this path. There is no default; if it is not set, the shell setting is taken as a path from the root of the filesystem.
uname <name> Default "name" (GECOS) field for new users. Defaults to "Unix Auth <version> User".
shell <shell> Default "shell" field for new users. Defaults to "/bin/bash".
base_uid <number> Lowest UID from which new UIDs are allocated. Defaults to 100.
home_path <path> Base directory for the "home" field; a user's home is set to <home_path>/<username>, e.g. /home/bob for user bob. Defaults to "/home".

EXAMPLE unix ini file <unixauth.ini>

path /usr/local/dmail
log error
group users
base_uid 500
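The settings above only take effect once the module is spawned by DMail, and several of them fail at run time with the errors listed in section 2 (a missing group, shell or home directory). The following validator is an added example, not code shipped with unixauth or DMail: it parses an ini file in the "setting value" form shown above and reports what the module would trip over, plus two policy warnings of this example's own (a base_uid below 1000 overlaps the system-account range on current Linux, and an interactive default shell is rarely what mail-only accounts should get). Assumed here and not stated on the page: '#' starts a comment, and the keys shadow and shadow_file (named only in the History section) are valid settings.

```python
"""Pre-flight validator for a unixauth.ini file.

Added example, not code shipped with unixauth or DMail.  Its checks are
derived from the settings list on this page and from the error replies it
documents ("Shell must exist.", "Home directory must exist.",
"Error locating GID for {}, group does not exist.").  Assumed by this
example and not stated on the page: '#' starts a comment; the keys
'shadow' and 'shadow_file' (named only in the History section) are valid;
the UID threshold and the non-login-shell advice are this example's policy.
"""
import os
import sys
from typing import Callable, Dict, List, Tuple

try:
    import grp                      # Unix only; absent on Windows
except ImportError:                 # pragma: no cover
    grp = None

KNOWN_SETTINGS = {"path", "log", "debug", "group", "script_path", "uname",
                  "shell", "base_uid", "home_path", "shadow", "shadow_file"}
DEFAULTS = {"shell": "/bin/bash", "base_uid": "100", "home_path": "/home"}   # from the settings list
LOG_LEVELS = {"", "error", "info", "debug"}     # a bare "log" line is allowed
LOGIN_UID_MIN = 1000      # UID_MIN in /etc/login.defs on current Linux; this example's policy
NOLOGIN_SHELLS = {"nologin", "false"}           # basenames of shells that deny interactive login

Finding = Tuple[str, str]          # ("error" | "warn", message)


def parse_ini(text: str) -> Dict[str, str]:
    """Parse 'setting value' lines into a dict; a later duplicate key overrides an earlier one."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        settings[parts[0].lower()] = parts[1].strip() if len(parts) == 2 else ""
    return settings


def group_exists(name: str) -> bool:
    """True if <name> is a group name or numeric GID known to this host."""
    if grp is None:
        return False
    try:
        grp.getgrgid(int(name)) if name.isdigit() else grp.getgrnam(name)
        return True
    except KeyError:
        return False


def validate(settings: Dict[str, str],
             group_exists: Callable[[str], bool] = group_exists,
             path_exists: Callable[[str], bool] = os.path.exists) -> List[Finding]:
    """Return the problems the module would hit at run time, plus policy warnings."""
    findings: List[Finding] = []
    for key in settings:
        if key not in KNOWN_SETTINGS:
            findings.append(("error", f"unknown setting '{key}'"))
    cfg = {**DEFAULTS, **settings}

    if "group" not in settings:
        findings.append(("error", "group is not set; new users need a group and the page documents no default"))
    elif not group_exists(settings["group"]):
        findings.append(("error", f"group '{settings['group']}' does not exist on this host "
                                  "(module would reply '-ERR Error locating GID ..., group does not exist.')"))

    # A shell is looked up under script_path when that is set, otherwise from the root.
    shell = cfg["shell"]
    shell_file = os.path.join(settings["script_path"], shell) if settings.get("script_path") else shell
    if not path_exists(shell_file):
        findings.append(("error", f"shell '{shell_file}' does not exist ('-ERR Shell must exist.')"))
    elif os.path.basename(shell) not in NOLOGIN_SHELLS:
        findings.append(("warn", f"shell '{shell}' gives mail-only accounts an interactive login; "
                                 "consider a nologin shell"))

    if not path_exists(cfg["home_path"]):
        findings.append(("error", f"home_path '{cfg['home_path']}' does not exist, so every "
                                  "<home_path>/<username> would fail '-ERR Home directory must exist.'"))

    uid = cfg["base_uid"]
    if not uid.isdigit():
        findings.append(("error", f"base_uid '{uid}' is not a number"))
    elif int(uid) < LOGIN_UID_MIN:
        findings.append(("warn", f"base_uid {uid} is below {LOGIN_UID_MIN}; new UIDs may collide with system accounts"))

    if settings.get("log", "").lower() not in LOG_LEVELS:
        findings.append(("error", f"log level '{settings['log']}' is not one of error, info, debug"))
    return findings


def errors(findings: List[Finding]) -> List[str]:
    return [msg for level, msg in findings if level == "error"]


def check_file(path: str = "/etc/unixauth.ini") -> List[Finding]:
    with open(path) as fh:
        return validate(parse_ini(fh.read()))


if __name__ == "__main__":
    for level, msg in check_file(*sys.argv[1:2]):
        print(f"{level}: {msg}")
```

Run it as "python3 validate_ini.py /etc/unixauth.ini" on the host DMail runs on: the group and path checks consult that host's group database and filesystem, which is exactly where the module will look. Fed the example ini file above, it reports no errors but warns about base_uid 500 and the /bin/bash default shell.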

 



2. Error codes

The error messages are intended to be descriptive enough for you to solve the problem without too much hassle. If you are completely stumped and have no idea why you are receiving an error, it could be our fault entirely :-), so simply email the error and what you were trying to do to "Sysauth Help" <support-netauth@netwinsite.com>.

"-ERR ##:Unknown error has occurred."
There was an error. We need the error number ## to determine what went wrong.

"-ERR Not a valid command (nocommand) use help"
You didn't enter a command.

"-ERR Not a valid command (<command>) use "help""
You entered <command> which was not recognized by unixauth as a valid command.

"-DEAD Unable to open {<file>,<reason>}"
"-DEAD Error with open of password file {<file>,<reason>}"
"-DEAD Unable to open password file {<file>,<reason>}"
"-DEAD Error with open of group file {<file>,<reason>}"
"-DEAD Unable to open temporary file {<file>,<reason>}"
"-DEAD Unable to create init.log, <reason>"
Sysauth could not open the required file <file>; <reason> is the operating system's error text.

"-DEAD Error with lock of password file {<file>,<reason>}."
"-DEAD Error with un-lock of password file {<file>, <reason>}."
Sysauth could not obtain (or release) a lock on <file>, for <reason>.

"-DEAD Unable to close log file {<reason>}"
Sysauth could not close its log file, for <reason>.

"-ERR Error writing current entries {<reason>}."
Sysauth encountered an error while trying to copy entries in the password and/or group file.

"-ERR Error removing current password file, <reason>"
Sysauth could not remove old copy of password file.

"-ERR Error copying temporary file -> password file, <reason>"
Sysauth could not replace the password file with an updated copy.

"-DEAD No more UID's available."
Sysauth could not find a free UID.

"-ERR Invalid user info parameter."
The home directory, name or shell parameter is invalid.

"-ERR Unknown error occurred."
Something strange has happened.

"-ERR Home directory must exist."
The home directory given must exist.

"-ERR setting <setting> incorrect"
The format of setting <setting> was incorrect; use setting="value".

"-ERR Shell must exist."
The shell file given must exist.

"-ERR Unknown user info {<setting>}"
<setting> is not a recognized user setting.

"-ERR Error locating GID for {<group>}, group does not exist."
The group <group> could not be found on this host.



3. Output

The reply messages are part of the Netwin standard External Authentication Protocol.

Command   Message
set       +OK User <name> added to the database
del       +OK Deleted user successfully
lookup    +OK <user> config 0 <info>
          -ERR <user> not found
check     +OK <user> config 0 <info>
          -ERR <user> password wrong or not a valid user
search    +DATA ...
          +DATA ...
          +OK search complete <number> items found
version   +OK NT Auth version <version number>
help      +DATA Valid commands
          +DATA <command>
          +DATA <command>
          +DATA <command>
          +OK
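The command-line session in the introduction and the reply table above together describe the whole exchange DMail has with the module: one command line in, one reply out, where a reply is a single +OK, -ERR or -DEAD line except for search and help, which send +DATA lines first and finish with +OK. The client below is an added example, not code from Netwin, DMail or unixauth; it drives the module over stdin/stdout with that grammar, treats a closed pipe like the module's own -DEAD, and refuses CR/LF inside a username or password, because on a line-oriented protocol an embedded newline would end the command early and let the rest run as a second command (for instance a set that changes a password). The class and function names, the search pattern argument, and the subprocess plumbing are this example's own assumptions.

```python
"""Client side of Netwin's External Authentication Protocol, as the
command-line test session and the reply table on this page show it.

Added example, not code from Netwin, DMail or unixauth.  Assumed beyond
the page: commands are one line of space-separated words; every reply is a
single "+OK", "-ERR" or "-DEAD" line, except that multi-line replies
(search, help) send "+DATA" lines first and end with a "+OK" line.  The
names used here are this example's own.
"""
import io
import subprocess
from dataclasses import dataclass, field
from typing import IO, List


@dataclass
class Reply:
    status: str                 # "OK", "ERR" or "DEAD"
    message: str                # text after the status token on the final line
    data: List[str] = field(default_factory=list)   # payload of the +DATA lines

    @property
    def ok(self) -> bool:
        return self.status == "OK"


STATUS_TOKENS = (("+OK", "OK"), ("-ERR", "ERR"), ("-DEAD", "DEAD"))


def read_reply(out: IO[str]) -> Reply:
    """Consume exactly one reply from the module's stdout."""
    data: List[str] = []
    while True:
        line = out.readline()
        if line == "":
            # EOF before a terminating status line: treat it like the module's own -DEAD.
            return Reply("DEAD", "module closed its output mid-reply", data)
        line = line.rstrip("\r\n")
        if line.startswith("+DATA"):
            data.append(line[len("+DATA"):].strip())
            continue
        for token, status in STATUS_TOKENS:
            if line == token or line.startswith(token + " "):
                return Reply(status, line[len(token):].strip(), data)
        raise ValueError(f"line does not start with a status token: {line!r}")


class AuthModule:
    """Wraps the module's stdin/stdout: one command in, one Reply out."""

    def __init__(self, stdin: IO[str], stdout: IO[str]) -> None:
        self._in, self._out = stdin, stdout

    def command(self, *words: str) -> Reply:
        # The protocol is line-oriented, so a CR or LF inside a username or
        # password would terminate the command early and let the remainder run
        # as a second command (e.g. "set <user> <newpass>").  Refuse it here.
        for w in words:
            if "\r" in w or "\n" in w:
                raise ValueError("command arguments must not contain CR or LF")
        self._in.write(" ".join(words) + "\n")
        self._in.flush()
        return read_reply(self._out)

    def check(self, user: str, password: str) -> bool:
        """True only on "+OK <user> config 0 <info>"; any -ERR or -DEAD is a failure."""
        return self.command("check", user, password).ok

    def lookup(self, user: str) -> Reply:
        return self.command("lookup", user)

    def search(self, pattern: str) -> List[str]:
        """Return the +DATA items; raise if the module did not finish with +OK."""
        reply = self.command("search", pattern)   # the pattern syntax is not documented on the page
        if not reply.ok:
            raise RuntimeError(f"search failed: {reply.status} {reply.message}")
        return reply.data

    def quit(self) -> None:
        self._in.write("quit\n")
        self._in.flush()


def spawn(path: str = "/usr/local/dmail/unixauth"):
    """Start the real module; the caller must have rights to read the shadow file."""
    proc = subprocess.Popen([path], stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                            text=True, bufsize=1)
    return proc, AuthModule(proc.stdin, proc.stdout)


def replay(transcript: str, *commands) -> List[Reply]:
    """Run commands against a canned stdout transcript (offline testing, no module needed)."""
    module = AuthModule(io.StringIO(), io.StringIO(transcript))
    return [module.command(*c) for c in commands]


if __name__ == "__main__":
    proc, m = spawn()
    print("lookup bob ->", m.lookup("bob"))
    print("check bob  ->", m.check("bob", "secret"))
    m.quit()
    proc.stdin.close()
    proc.wait()
```

Only a reply whose final line is +OK counts as success in check(); -ERR and -DEAD both fail closed, and a module that dies mid-reply is reported as DEAD rather than hanging the caller. replay() exists so the parsing can be exercised against a constructed transcript without a running module.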



4. Download and History

Generally, you will find the latest download in with your distribution set. You can check what version of unixauth you have by running unixauth at a command prompt, e.g.,
/usr/local/dmail/unixauth -version

If we put a download on the site for a version, it will be listed in the history below as a link,

    unixauth10i_linux_libc6.Z
    unixauth10i_solarissparc.Z

History:

4 Jan 2001 TRW 1.0i
- ntauth now looks for system32\ntauth.ini instead of unixauth.ini!

18 Dec 2000 TRW 1.0h
- Fix: If the last line of /etc/passwd, /etc/group or /etc/shadow is +::: (as for NIS) then unixauth was appending new users/groups after that line rather than before it.
- Bug fix: removed a few file handle leaks in

12 Dec 2000 TRW 1.0g
- made host setting add \\ on front if not given in ini file. Without them the lookup command fails for users where the check command succeeds!
- fixed bug in get_hostname when no host ini setting, failed to get from registry because not using inicode version of key location string.
- fixed fatal bug in get_hostname, could return "" static instead of malloc'd space when no host setting set, so free of "" caused death.

12 Dec 2000 TRW 1.0f
- added -version command line option.

8 Dec 2000 TRW 1.0e
- fixed possible bug when /etc/group file has a line like, a::: i.e. with no members in group.

4 Dec 2000 TRW 1.0d
- make unixauth use /etc/unixauth.ini or SYSTEM_DIR\unixauth.ini if can't find one in same directory.
- added logging to stdout only when -debug is called at command line.

24 Nov 2000 TRW 1.0c
- fixed so 'debug' in log by itself sets loglevel to debug
- added defaults for script_path and shadow_file
- Fixed BUG: where multiple responses were being given with a done_neg_msg static, e.g.
-DEAD Unable to open shadow file {(null),Bad address}
-ERR User tam does not exist or password incorrect.
- Fixed bug: password checks failing randomly on some systems when not using shadow passwd file
- made all file locks logged on debug level
- FIXED BUG: could not flock /etc/passwd and /etc/passwd files for set command (when changing a user's password or details).

05-10-2000: RMH: 1.0b
- Bug in NT build where it didn't output the result from a set.
- Bug in NT build where it produced an error and then continued to work.

28-1-2000: RMH
- Shadow support added.
- NO_SHADOW disables the shadow support and "shadow false" ini setting also does the same.

1.0a 14 Aug 2000 (also in dmail 2.8 versions)