> On Wednesday 01 October 2008 17:30, Nicklas Nordborg wrote:
>>> I am testing external authentication using the POP3Authenticator and
>>> users can only log in if they have an account and home directory on
>> the
>>> server. Is this normal? It is not a big nuisance, because it has the
>>> advantage of giving me more control on who can use Base, but it
>>> seemed
>> a
>>> bit odd.
>> This is a bit odd. If the authentication server (in this case, the POP
>> server) says that the user/password is ok, BASE should automatically
>> create a new account. If this doesn't work, please submit an error
>> report on the BASE web site.
> I'll describe what I did, to clarify:
> First I dropped the database and then created and initialized it again,
> to make sure the users really did not exist (and password caching was
> always off, I just checked that).
> Me and another user tested the POP3 Authenticator with our POP3 passwords
>  and it worked and created our accounts on Base.
> Then I asked another user to test it and it didn't work. When he used his
>  correct password, he got a message with a Java Exception, but when I
> asked him to try a wrong password he just got the normal authentication
> failure message.
> We noticed that the first two users, who had logged in successfully, had
> Unix accounts on the server, and the third didn't, so I created a user
> for him. I first used the "useradd" command, which does not create the
> home directory, and he still couldn't log in, but then I used "adduser",
> created a home dir for him and he could log in to Base, and his account
> was created on the Base database.
> I'll submit the report on the Base web site.

Never mind. This has nothing to do with BASE. It's your POP server that
requires a Unix user account and stuff that goes with it.

>> A final note. If you want the manual control, then I don't see the need
>>  for using external authentication.
> The reason I want external authentication is just so users can have a
> central password and use it for different services (admittedly, that can
> be bad for security if one account gets compromised).
> The manual control
> would be just like a checkbox saying which users that exist in the
> Institute's database can use Base. I could do it with an external system,
> but I would have to program that, and it is not essential for me.

If you use an external system, the control of who may and may not login to
BASE is to 99% controlled by the external system. The last 1% is the BASE
root user account which always uses the internal system.


This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
The BASE general discussion mailing list
unsubscribe: send a mail with subject "unsubscribe" to

Reply via email to