UNIXAuth - External Authentication Module for UNIX password file
NB: This authentication module is currently in beta form only!
UNIXAuth is an external authentication program. It uses Netwin's
External Authentication Protocol. Documentation on this standard
can be found in the User Administration section of this
DMail Manual.
UNIXAuth reads and writes the UNIX operating system user database, i.e. the /etc/passwd file and,
where one is in use, the shadow password file. Because it modifies these files it must run with
sufficient privilege to do so (normally as root).
UNIXAuth is designed to replace the 'unix_user' option of the authent_method setting in
dmail.conf. It lets DMail run an external authentication module while still authenticating
against /etc/passwd, and it lets our web administration tool NetAuth administer the users in
/etc/passwd.
UNIXAuth uses the standard operating system user authentication calls (as the DMail servers
themselves do when authent_method is set to unix_user) to access /etc/passwd, so it works with
any standard local authentication scheme, such as shadow password files.
To install unixauth, you need to set
authent_method external
authent_process /usr/local/dmail/unixauth
in your /etc/dmail.conf file and restart both DSMTP and DPOP.
We suggest that you edit the unixauth.ini file first and then test the module from the command line.
For example, the following session adds a user called bob and checks that he can be looked up and
'checked' (authenticated):
/usr/local/dmail/unixauth
set bob secret
lookup bob
check bob secret
quit
On this page ...
- 1. Ini Settings.
- 2. Error codes.
- 3. Output.
- 4. Download and History.
1. Ini Settings.
Although you can put the unixauth.ini file in the same directory as the unixauth executable
(e.g. /usr/local/dmail), we recommend that you ensure your machine has only one copy of the file
and that you put it in the /etc/ directory as /etc/unixauth.ini. Since unixauth rewrites the
system password files, make sure that whichever copy it loads is owned by root and writable only
by root.
An example unixauth.ini file is shown at the end of this section.
The ini file allows you to specify any of the following settings...
path <path> | Sets the path used to locate the ini file, and also determines where the log file
is created. For example, running "unixauth -path /var/log" makes it load the ini file from
/var/log/unixauth.ini; if that file itself contains a path setting, unixauth then creates its log
file in that new directory. |
log <level> | This setting can be used as just "log", or you can specify
a level of logging, like so: "log debug" or "-log debug".
It has three valid logging levels - error, info and debug. |
debug | This setting causes unixauth to run with logging set to
debug mode. It is equivalent to a "log debug" or "-log debug". |
group <name> | The group that newly created users will belong to. The group must exist on the
host to which the users are being added. It can be given as a name or, on Unix, as a numeric GID.
There is no default. |
script_path | The directory containing the shell executables. Any shell setting must exist under
this path. There is no default; if the setting is absent, shell settings are taken as absolute paths
from the root. |
uname | Set default "name" field. Automatically set to "Unix Auth <version> User". |
shell | Default "shell" field. Automatically set to "/bin/bash". |
base_uid | Base number to start adding new UID's. Automatically set to "100". |
home_path | Default base-directory for "home" field. Actual "home" field
is set to <base>/<username>. e.g. /home/root. Automatically
set to "/home" |
Example unixauth.ini file:
path /usr/local/dmail
log error
group users
base_uid 500
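As an added example that is not part of the UNIXAuth distribution, the following Python ties the settings above together: it parses a unixauth.ini file with the documented defaults, validates settings the way the "-ERR setting <setting> incorrect" and "Error locating GID" errors below describe, and computes the /etc/passwd entry a "set <user> <password>" would create, including the NIS "+" trailer rule mentioned in the 1.0h history entry. The UID ceiling, the handling of a bare "log" line and the sample passwd/group lines are assumptions made for the example.

```python
"""Added example, not NetWin's code: parse a unixauth.ini file using the
defaults documented above and compute the /etc/passwd entry that a
`set <user> <password>` would create, honouring group, base_uid, home_path,
shell and the NIS '+' trailer rule from the 1.0h history entry."""
from typing import Dict, List, Tuple

# Defaults from the settings table ('<version>' is left as a placeholder).
DEFAULTS: Dict[str, str] = {
    "uname": "Unix Auth <version> User",
    "shell": "/bin/bash",
    "base_uid": "100",
    "home_path": "/home",
    "log": "error",
}
FLAGS = {"debug"}                       # settings that take no value
LOG_LEVELS = {"error", "info", "debug"}
KNOWN_KEYS = set(DEFAULTS) | FLAGS | {"path", "group", "script_path"}


def parse_ini(text: str) -> Dict[str, str]:
    """Read 'setting value' lines.  Unknown or malformed settings raise
    ValueError worded like the module's '-ERR setting <setting> incorrect'."""
    cfg = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0]
        if key not in KNOWN_KEYS or (key in FLAGS and len(parts) == 2):
            raise ValueError(f"setting {key} incorrect")
        if key in FLAGS:
            cfg[key] = "true"
            continue
        if len(parts) == 1:
            if key != "log":                # only 'log' may appear bare
                raise ValueError(f"setting {key} incorrect")
            continue                        # bare 'log': keep default level (assumption)
        value = parts[1].strip()
        if key == "log" and value not in LOG_LEVELS:
            raise ValueError(f"setting {key} incorrect")
        cfg[key] = value
    if cfg.get("debug") == "true":
        cfg["log"] = "debug"                # 'debug' is equivalent to 'log debug'
    return cfg


def find_gid(group_lines: List[str], group: str) -> int:
    """Resolve the 'group' setting (name or numeric GID) against /etc/group lines."""
    if group.isdigit():
        return int(group)
    for line in group_lines:
        fields = line.split(":")
        if len(fields) >= 3 and fields[0] == group:
            return int(fields[2])
    raise LookupError(f"Error locating GID for {group}, group does not exist.")


def next_uid(passwd_lines: List[str], base_uid: int, max_uid: int = 60000) -> int:
    """Lowest unused UID at or above base_uid (the ceiling is an assumption)."""
    used = set()
    for line in passwd_lines:
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            used.add(int(fields[2]))
    for uid in range(base_uid, max_uid + 1):
        if uid not in used:
            return uid
    raise RuntimeError("No more UID's available.")


def add_user(cfg: Dict[str, str], passwd_lines: List[str], group_lines: List[str],
             username: str, password_field: str) -> Tuple[str, List[str]]:
    """Return the new passwd line and the updated file contents.  password_field is
    whatever belongs in field 2 ('x' when hashes live in the shadow file); the
    hashing itself is outside this example."""
    if "group" not in cfg:                  # the page gives no default for group
        raise ValueError("setting group incorrect")
    gid = find_gid(group_lines, cfg["group"])
    uid = next_uid(passwd_lines, int(cfg["base_uid"]))
    home = f"{cfg['home_path'].rstrip('/')}/{username}"
    fields = [username, password_field, str(uid), str(gid), cfg["uname"], home, cfg["shell"]]
    if any(":" in f or "\n" in f for f in fields):   # a colon would forge extra fields
        raise ValueError("Invalid user info parameter.")
    entry = ":".join(fields)
    updated = list(passwd_lines)
    # 1.0h fix: a trailing NIS '+' line must stay last, so insert before it.
    if updated and updated[-1].startswith("+"):
        updated.insert(len(updated) - 1, entry)
    else:
        updated.append(entry)
    return entry, updated
```

The colon check matters because /etc/passwd is colon-delimited: a user name or name field containing ":" would be parsed by the system as extra fields, which is why the module rejects bad user info rather than writing it.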
2. Error codes.
These error messages were written to be descriptive enough that you can troubleshoot without too
much hassle. If you are completely stumped and have no idea why you are receiving an error, it
could be our fault entirely :-), so simply email the error and what you were trying to do to
"Sysauth Help" <support-netauth@netwinsite.com>.
"-ERR ##:Unknown error has occurred."
There was an error. We need the error number ## to determine what went
wrong.
"-ERR Not a valid command (nocommand) use help"
You didn't enter a command.
"-ERR Not a valid command (<command>) use "help""
You entered <command> which was not recognized by unixauth as a valid
command.
"-DEAD Unable to open {<file>,<reason>}"
"-DEAD Error with open of password file {<file>,<reason>}"
"-DEAD Unable to open password file {<file>,<reason>}"
"-DEAD Error with open of group file {<file>,<reason>}"
"-DEAD Unable to open temporary file {<file>,<reason>}"
"-DEAD Unable to create init.log, <reason>"
Sysauth could not open the required file <file>, for <reason>.
"-DEAD Error with lock of password file {<file>,<reason>}."
"-DEAD Error with un-lock of password file {<file>, <reason>}."
Sysauth could not obtain or release a lock on <file>, for <reason>.
"-DEAD Unable to close log file {<reason>}"
Sysauth could not close its log file, for <reason>.
"-ERR Error writing current entries {<reason>}."
Sysauth encountered an error while trying to copy entries in the
password and/or group file.
"-ERR Error removing current password file, <reason>"
Sysauth could not remove old copy of password file.
"-ERR Error copying temporary file -> password file, <reason>"
Sysauth could not replace the password file with an updated copy.
"-DEAD No more UID's available."
Sysauth could not locate a free UID.
"-ERR Invalid user info parameter."
The home directory, name or shell parameter is invalid.
"-ERR Unknown error occurred."
Something strange has happened.
"-ERR Home directory must exist."
The home directory given must exist.
"-ERR setting <setting> incorrect"
The format of setting <setting> was incorrect; use the form setting="value".
"-ERR Shell must exist."
The shell file given must exist.
"-ERR Unknown user info {<setting>}"
<setting> is not a recognized user setting.
"-ERR Error locating GID for {<group>}, group does not exist."
The group <group> could not be found.
3. Output.
The reply messages are part of Netwin's standard External Authentication Protocol. A line
beginning +OK or -ERR completes a command; +DATA lines carry multi-line results and are followed
by a terminating +OK; -DEAD is used for the file and lock errors listed above.
Command   Reply
set       +OK User <name> added to the database
del       +OK Deleted user successfully
lookup    +OK <user> config 0 <info>
          -ERR <user> not found
check     +OK <user> config 0 <info>
          -ERR <user> password wrong or not a valid user
search    +DATA ...
          +DATA ...
          +OK search complete <number> items found
version   +OK NT Auth version <version number>
help      +DATA Valid commands
          +DATA <command>
          +DATA <command>
          +DATA <command>
          +OK
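As an added example that is not NetWin's code, the following Python shows the client side of the exchange described in the installation notes and the reply table above: a parser for +OK, +DATA, -ERR and -DEAD lines, a sender that builds one protocol command line, and a constructed FakeUnixAuth transport standing in for the unixauth process so that the code runs offline. The <info> text ("/home/<user>") and the in-memory user table are constructed for the example; the whitespace check in send() is a defensive choice of this client, not a documented behaviour of unixauth.

```python
"""Added example, not NetWin's code: a client-side parser for the reply lines
tabulated above (+OK, +DATA, -ERR, -DEAD) and a driver that sends External
Authentication Protocol commands over any line-based transport.  FakeUnixAuth
is a constructed stand-in for the unixauth process so the code runs offline."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Tuple


@dataclass
class Reply:
    status: str                                    # "OK", "ERR" or "DEAD"
    message: str                                   # text after the status token
    data: List[str] = field(default_factory=list)  # payload of any +DATA lines


def read_reply(lines: Iterable[str]) -> Reply:
    """Collect +DATA lines until the terminating +OK / -ERR / -DEAD line."""
    data: List[str] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("+DATA"):
            data.append(line[5:].strip())
            continue
        for token, status in (("+OK", "OK"), ("-ERR", "ERR"), ("-DEAD", "DEAD")):
            if line.startswith(token):
                return Reply(status, line[len(token):].strip(), data)
        raise ValueError(f"unexpected reply line: {line!r}")
    raise EOFError("module closed the pipe before completing a reply")


def parse_user_info(reply: Reply) -> Tuple[str, str]:
    """Split a lookup/check success '+OK <user> config 0 <info>' into (user, info)."""
    parts = reply.message.split(" ", 3)
    if reply.status != "OK" or len(parts) != 4 or parts[1] != "config":
        raise ValueError(f"not a user-info reply: {reply}")
    return parts[0], parts[3]


def send(command: str, args: List[str], transport: Callable[[str], List[str]]) -> Reply:
    """Build one protocol line and parse the answer.  The protocol is line- and
    space-delimited, so an argument containing whitespace would be read as extra
    tokens or as a second command; refuse such arguments before they reach the
    module (a defensive check of this client, not a documented unixauth behaviour)."""
    for arg in args:
        if not arg or not arg.isprintable() or any(c.isspace() for c in arg):
            raise ValueError(f"refusing to send argument {arg!r}")
    return read_reply(transport(" ".join([command, *args])))


class FakeUnixAuth:
    """Constructed stand-in answering in the reply formats tabulated above for an
    in-memory user table (cleartext only because it is a fake; the real module
    works on the system password files)."""

    def __init__(self) -> None:
        self.users: Dict[str, str] = {}

    def __call__(self, line: str) -> List[str]:
        parts = line.split()
        if not parts:
            return ["-ERR Not a valid command (nocommand) use help"]
        cmd, args = parts[0], parts[1:]
        info = f"/home/{args[0]}" if args else ""       # constructed <info> text
        if cmd == "set" and len(args) == 2:
            self.users[args[0]] = args[1]
            return [f"+OK User {args[0]} added to the database"]
        if cmd == "del" and len(args) == 1 and args[0] in self.users:
            del self.users[args[0]]
            return ["+OK Deleted user successfully"]
        if cmd == "lookup" and len(args) == 1:
            if args[0] in self.users:
                return [f"+OK {args[0]} config 0 {info}"]
            return [f"-ERR {args[0]} not found"]
        if cmd == "check" and len(args) == 2:
            if self.users.get(args[0]) == args[1]:
                return [f"+OK {args[0]} config 0 {info}"]
            return [f"-ERR {args[0]} password wrong or not a valid user"]
        if cmd == "search":
            return [f"+DATA {u}" for u in sorted(self.users)] + [
                f"+OK search complete {len(self.users)} items found"]
        if cmd == "help":
            cmds = ("set", "del", "lookup", "check", "search", "version", "help", "quit")
            return ["+DATA Valid commands"] + [f"+DATA {c}" for c in cmds] + ["+OK"]
        return [f'-ERR Not a valid command ({cmd}) use "help"']


def demo_session(transport: Callable[[str], List[str]]) -> List[Reply]:
    """Replay the command-line test from the installation notes, plus a bad password."""
    return [send("set", ["bob", "secret"], transport),
            send("lookup", ["bob"], transport),
            send("check", ["bob", "secret"], transport),
            send("check", ["bob", "wrong"], transport)]


if __name__ == "__main__":
    for reply in demo_session(FakeUnixAuth()):
        print(reply.status, reply.message)
```

To drive the real binary instead of the fake, the transport would write the command line to the process's stdin and return the lines read from its stdout up to and including the terminating +OK/-ERR/-DEAD; read_reply() and the rest of the code stay unchanged.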
4. Download and History.
Generally, you will find the latest build bundled with your distribution set. You can check which
version of unixauth you have by running it at a command prompt, e.g.,
/usr/local/dmail/unixauth -version
If we put a download on the site for a version, it is listed in the history below as a link:
unixauth10i_linux_libc6.Z
unixauth10i_solarissparc.Z
History:
4 Jan 2001 TRW 1.0i
- ntauth now looks for system32\ntauth.ini instead of unixauth.ini!
18 Dec 2000 TRW 1.0h
- Fix: If the last line of /etc/passwd or /etc/group or /etc/shadow is +::: (as for NIS) then
unixauth was appending new users/groups after that line rather than before it.
-bug fix: removed a few file handle leaks in
12 Dec 2000 TRW 1.0g
- made host setting add \\ on front if not given in ini file. Without them the lookup command fails for
users where the check command succeeds.
- fixed bug in get_hostname when no host ini setting, failed to get from registry because
not using inicode version of key location string.
- fixed fatal bug in get_hostname, could return "" static instead of malloc'd space when no
host setting set, so free of "" caused death.
12 Dec 2000 TRW 1.0f
- added -version command line option.
8 Dec 2000 TRW 1.0e
- fixed possible bug when /etc/group file has a line like, a::: i.e. with no members in group.
4 Dec 2000 TRW 1.0d
- make unixauth use /etc/unixauth.ini or SYSTEM_DIR\unixauth.ini if can't find one in same directory.
- added logging to stdout only when -debug is called at command line.
24 Nov 2000 TRW 1.0c
- fixed so 'debug' in log by itself sets loglevel to debug
- added defaults for, script_path and shadow_file
- Fixed BUG: where multiple responses were being given with a done_neg_msg static, e.g.
-DEAD Unable to open shadow file {(null),Bad address}
-ERR User tam does not exist or password incorrect.
- Fixed bug: password checks failing randomly on some systems when not using the shadow passwd
file
- made all file locks logged on debug level
- FIXED BUG: could not flock /etc/passwd and /etc/passwd files for set command (when changing
a user's password or details).
05-10-2000: RMH: 1.0b
- Bug in NT build where it didn't output the result from a set.
- Bug in NT build where it produced an error and then continued to work.
28-1-2000: RMH
- Shadow support added.
- NO_SHADOW disables the shadow support and "shadow false" ini setting also does the same.
1.0a 14 Aug 2000 (also in dmail 2.8 versions)