Difference between revisions of "OS4X Enterprise user authentification"

From OS4X
Jump to navigation Jump to search
(New page: == User authentification methods == OS4X supports two user authentification methods. Addition methods could be implemented in the future. === internal authentification === The user will b...)
 
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
== User authentification methods ==
+
== User authentication methods ==
 
OS4X supports two user authentification methods. Addition methods could be implemented in the future.
 
OS4X supports two user authentification methods. Addition methods could be implemented in the future.
  
Line 18: Line 18:
 
  auth      required      pam_deny.so
 
  auth      required      pam_deny.so
  
 +
==== Documentation links ====
 
For more information on PAM, refer to the documentation, available at http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/
 
For more information on PAM, refer to the documentation, available at http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/
  
 
Some possible modules are documented here: http://www.kernel.org/pub/linux/libs/pam/modules.html
 
Some possible modules are documented here: http://www.kernel.org/pub/linux/libs/pam/modules.html
 +
 +
An example on how to authentificate users via MS Active Directory: http://developer.novell.com/wiki/index.php/HOWTO:_Configure_Ubuntu_for_Active_Directory_Authentication
 +
 +
 +
[[Category:OS4X Enterprise]]

Latest revision as of 07:07, 4 May 2021

User authentication methods

OS4X supports two user authentification methods. Addition methods could be implemented in the future.

internal authentification

The user will be authentificated via a given username and a hashed password. This one-way hashed password is not recreatable and stored as a text field in the OS4X database. If you want to authentificate users with given credentials, you have to define a username and a non-empty password. The user will be able to change his password via OS4X Webaccess, the end-user interface.

PAM

PAM ("Pluggable Authentication Modules") support a dynamic mode of authentification of users. In this way, a system administrator is able to define how users of OS4X will be authentificated. PAM is also used in many single-sign-on (SSO) environments. Many modules exist for PAM, so LDAP, MS Active Directory, NIS and other third-party authentification modes are available. In order to use PAM, you have to know the service name OS4X uses. Its fix-coded value is

os4x

So you have to create a file in your PAM configuration directory, which is in most cases

/etc/pam.d

The name of the file is the service name, so the absolute path to the OS4X PAM configuration file is:

/etc/pam.d/os4x

The content could be copied from existing configurations, the only method used is "auth". Here an example:

auth       required       pam_nologin.so
auth       sufficient     pam_securityserver.so
auth       sufficient     pam_unix.so
auth       required       pam_deny.so

Documentation links

For more information on PAM, refer to the documentation, available at http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/

Some possible modules are documented here: http://www.kernel.org/pub/linux/libs/pam/modules.html

An example on how to authentificate users via MS Active Directory: http://developer.novell.com/wiki/index.php/HOWTO:_Configure_Ubuntu_for_Active_Directory_Authentication