OS4X Enterprise user authentification

From OS4X
Jump to navigation Jump to search

User authentication methods

OS4X supports two user authentification methods. Addition methods could be implemented in the future.

internal authentification

The user will be authentificated via a given username and a hashed password. This one-way hashed password is not recreatable and stored as a text field in the OS4X database. If you want to authentificate users with given credentials, you have to define a username and a non-empty password. The user will be able to change his password via OS4X Webaccess, the end-user interface.

PAM

PAM ("Pluggable Authentication Modules") support a dynamic mode of authentification of users. In this way, a system administrator is able to define how users of OS4X will be authentificated. PAM is also used in many single-sign-on (SSO) environments. Many modules exist for PAM, so LDAP, MS Active Directory, NIS and other third-party authentification modes are available. In order to use PAM, you have to know the service name OS4X uses. Its fix-coded value is

os4x

So you have to create a file in your PAM configuration directory, which is in most cases

/etc/pam.d

The name of the file is the service name, so the absolute path to the OS4X PAM configuration file is:

/etc/pam.d/os4x

The content could be copied from existing configurations, the only method used is "auth". Here an example:

auth       required       pam_nologin.so
auth       sufficient     pam_securityserver.so
auth       sufficient     pam_unix.so
auth       required       pam_deny.so

Documentation links

For more information on PAM, refer to the documentation, available at http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/

Some possible modules are documented here: http://www.kernel.org/pub/linux/libs/pam/modules.html

An example on how to authentificate users via MS Active Directory: http://developer.novell.com/wiki/index.php/HOWTO:_Configure_Ubuntu_for_Active_Directory_Authentication