Replacing /bin/login under AIX 3.1

John F Haugh II jfh at greenber.austin.ibm.com
Wed Jan 23 09:41:10 AEST 1991


In article <9T4^9=- at rpi.edu> todd at narnia.ecs.rpi.edu (R. Lindsay Todd) writes:
>Now, /etc/security/login.cfg and /etc/security/user seem to have some
>hooks for providing alternative authentication methods.  However, my
>CD-ROM wears a bit thin in this area.  Has anyone successfully used
>these hooks to provide an alternative login mechanism?

The /etc/security/user file contains two fields, auth1 and auth2, which
can be used to configure the authentication process very finely.

The default "auth1" value is "SYSTEM", which is a built-in method which
performs the usual "prompt for Password: and compare against encrypted
version" authentication.  If you replace "auth1 = SYSTEM" with something
like "auth1 = KERBEROS" you will have to add a "KERBEROS" stanza to
/etc/security/login.cfg.

For this example, assume a program "/etc/kerberos_auth" which takes a
user ID as an argument, does some processing based on that argument,
and exits with zero for success, and non-zero otherwise.  Assume that
the user "bob" exists and will be authenticated using the built-in
method as well as the "KERBEROS" method.

Start by changing bob's "auth1" attribute with the command "chuser
auth1=SYSTEM,KERBEROS bob".  Then manually edit the /etc/security/login.cfg
adding the stanza

--
KERBEROS:
	program = /etc/kerberos_auth

--

After bob enters his password, the second program will be executed
as "/etc/kerberos_auth bob".  It is up to that program to get the
Kerberos tickets, etc, and exit with 0 if the user is properly
authenticated, and non-zero otherwise.
-- 
John F. Haugh II      |      I've Been Moved     |    MaBellNet: (512) 838-4340
SneakerNet: 809/1D064 |          AGAIN !         |      VNET: LCCB386 at AUSVMQ
BangNet: ..!cs.utexas.edu!ibmchs!auschs!snowball.austin.ibm.com!jfh (e-i-e-i-o)
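
Added example (not part of the original post, and not IBM's code): a small checker that cross-references the auth1/auth2 methods in /etc/security/user against the stanzas in /etc/security/login.cfg, so a method with no stanza or no usable "program" is caught before it affects a login. The function names, the '*' comment rule, the fall-back to a "default" stanza, and the sample users "alice" and method "SMARTCARD" are assumptions made for illustration.

```python
def parse_stanzas(text):
    """Parse 'name:' headers followed by 'attr = value' lines into a dict of dicts."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):  # assumption: '*' starts a comment line
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1].strip(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def check_auth_methods(user_text, login_cfg_text, user, builtin=("SYSTEM",)):
    """Return a list of problems found in the user's auth1/auth2 configuration."""
    users, methods = parse_stanzas(user_text), parse_stanzas(login_cfg_text)
    if user not in users:
        return [f"{user}: no stanza in user file"]
    problems = []
    for attr in ("auth1", "auth2"):
        # assumption: an attribute missing from the user's stanza comes from 'default'
        value = users[user].get(attr, users.get("default", {}).get(attr, ""))
        for name in filter(None, (m.strip() for m in value.split(","))):
            if name in builtin:
                continue  # built-in method, needs no login.cfg stanza
            program = methods.get(name, {}).get("program")
            if name not in methods:
                problems.append(f"{user}: {attr} method {name} has no stanza")
            elif not program:
                problems.append(f"{user}: {name} stanza has no program attribute")
            elif not program.startswith("/"):
                problems.append(f"{user}: {name} program {program!r} is not absolute")
    return problems

# Constructed sample files, modelled on the stanza shown in the post.
USER_FILE = """default:
    auth1 = SYSTEM
bob:
    auth1 = SYSTEM,KERBEROS
alice:
    auth1 = SYSTEM,SMARTCARD
"""
LOGIN_CFG = """KERBEROS:
    program = /etc/kerberos_auth
"""

if __name__ == "__main__":
    for u in ("bob", "alice"):
        print(u, check_auth_methods(USER_FILE, LOGIN_CFG, u) or "ok")
```

Pass further built-in method names through the builtin argument if the system defines them.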


