RH Linux, eDirectory & 3rd party apps
Join Date: May 2005
A little help please,
Pre-amble:
-----------
A large mid-west US utility is using RedHat Linux and eDirectory successfully. The setup is RedHat 7.2 and openldap-clients-2.0.27-2.7.3 (they are not running a Novell Client on the Linux servers). They have it set up to send the password in clear-text. They can successfully log onto the box using UserIDs & passwords that are in eDirectory.
On the RH Linux server they are running WebSphere MQ v5.3 and they decided to purchase Capitalware's security product called: MQ Authenticate User Security Exit (MQAUSX). MQAUSX fully authenticates a user who is accessing a WebSphere MQ resource. It verifies the User's UserID and Password against the server's native OS UserID/password management system.
MQAUSX follows the standard Linux security principles of (1) using the getspnam() function to retrieve the 'spwd' structure information, (2) using crypt to encrypt the incoming user's password and (3) comparing the 2 encrypted passwords. (Yes, the executable has the user ownership as root and the user sticky bit is set.)
Problem:
---------
If the UserID and password are local to the RH Linux box then everything works fine (as expected and well tested).
But if the UserID and password are in eDirectory then the password returned by getspnam() is always 'x' (a single character 'x'). I have tried the getpwnam(), getspent() and getpwent() functions but all of them return a password of 'x'.
Question:
----------
On the eDirectory server, maybe the RH Linux server is not 'trusted' to look up the password?? Or maybe the application is not 'trusted' to look up the password??
The reason I think it is a 'trusted' issue is that getspnam() and the other functions return successfully but the password field is filled with an 'x'. Here's a discussion of Linux, PAM, LDAP and the password field containing an 'x':
https://www.redhat.com/archives/pam-.../msg00045.html
Plus it actually states it in the RFC 2307. At the very bottom of section 5.3, it talks about DUA (directory user agent) returning an 'x':
http://www.faqs.org/rfcs/rfc2307.html
Help Please:
-------------
So, I just need to figure out which parameter / setting / conf / property file will allow the LDAP client (DUA) to do the password lookup.
Any and all help is much appreciated.
Regards,
Roger Lacroix
Capitalware Inc.
http://www.capitalware.biz
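The lookup described in the post, as an added example that is not part of the original post and is not MQAUSX code: it classifies the password field returned by getspnam()/getpwnam() so that a placeholder such as 'x' is reported as "no hash available" instead of being fed to the crypt comparison, where it can never match. The function and enum names are hypothetical, and the rule for what counts as a crypt(3) hash is a stated assumption.

```c
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>

enum pw_state { PW_NO_ENTRY, PW_EMPTY, PW_LOCKED, PW_PLACEHOLDER, PW_HASH };

/* Classify the password field that getspnam()/getpwnam() handed back. */
enum pw_state classify_pw_field(const char *field)
{
    if (field == NULL)
        return PW_NO_ENTRY;
    if (field[0] == '\0')
        return PW_EMPTY;
    if (field[0] == '!' || field[0] == '*')
        return PW_LOCKED;               /* no password can match */
    /* Assumption: only "$id$salt$hash" strings and 13-character
       traditional DES strings are treated as crypt(3) output. */
    if (field[0] == '$' || strlen(field) == 13)
        return PW_HASH;
    return PW_PLACEHOLDER;              /* e.g. the "x" seen in the post */
}

/* Try shadow first, then passwd, the two sources the post mentions. */
enum pw_state lookup_pw_state(const char *user)
{
    struct spwd *sp = getspnam(user);   /* NULL without access to shadow data */
    if (sp != NULL)
        return classify_pw_field(sp->sp_pwdp);
    struct passwd *pw = getpwnam(user);
    return pw != NULL ? classify_pw_field(pw->pw_passwd) : PW_NO_ENTRY;
}

const char *pw_state_name(enum pw_state s)
{
    static const char *names[] = { "no entry", "empty field", "locked",
        "placeholder, no hash released to this client", "crypt hash" };
    return names[s];
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <user>\n", argv[0]);
        return 2;
    }
    enum pw_state s = lookup_pw_state(argv[1]);
    printf("%s: %s\n", argv[1], pw_state_name(s));
    /* Only PW_HASH is worth passing to crypt(); anything else fails closed. */
    return s == PW_HASH ? 0 : 1;
}
```

Run against a local account and a directory-backed account, the differing result shows whether the name service is handing the process a hash at all.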