[base] External authentication and local users
Hi, I am testing external authentication using the POP3Authenticator and users can only log in if they have an account and home directory on the server. Is this normal? It is not a big nuisance, because it has the advantage of giving me more control on who can use Base, but it seemed a bit odd. Thanks, Paulo - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ The BASE general discussion mailing list basedb-users@lists.sourceforge.net unsubscribe: send a mail with subject unsubscribe to [EMAIL PROTECTED]
Re: [base] External authentication and local users
I am testing external authentication using the POP3Authenticator and users can only log in if they have an account and home directory on the server. Is this normal? It is not a big nuisance, because it has the advantage of giving me more control on who can use Base, but it seemed a bit odd. This is a bit odd. If the authentication server (in this case, the POP server) says that the user/password is ok, BASE should automatically create a new account. If this doesn't work, please submit an error report on the BASE web site. Could it be that the POP server isn't responding to BASE? Because if it doesn't and if you have configured BASE to cache passwords, BASE will revert to using internal authentication. The different scenarios are documented at http://base.thep.lu.se/chrome/site/latest/html/developerdoc/plugin_developer/plugin_developer.other.html#plugin_developer.other.authentication If a user has a home directory or not shouldn't affect the possibility to login. If you find any problems which seems related to this please send another bug report. A final note. If you want the manual control, then I don't see the need for using external authentication. Or, you should use an external system that allows you to configure (in that system) who is allowed to use BASE or not. But that is beyond the scope of the POP3Authenticator, which should be considered as a proof-of-concept implementation. /Nicklas Thanks, Paulo - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ The BASE general discussion mailing list basedb-users@lists.sourceforge.net unsubscribe: send a mail with subject unsubscribe to [EMAIL PROTECTED] - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ The BASE general discussion mailing list basedb-users@lists.sourceforge.net unsubscribe: send a mail with subject unsubscribe to [EMAIL PROTECTED]
Re: [base] External authentication and local users
On Wednesday 01 October 2008 17:30, Nicklas Nordborg wrote: I am testing external authentication using the POP3Authenticator and users can only log in if they have an account and home directory on the server. Is this normal? It is not a big nuisance, because it has the advantage of giving me more control on who can use Base, but it seemed a bit odd. This is a bit odd. If the authentication server (in this case, the POP server) says that the user/password is ok, BASE should automatically create a new account. If this doesn't work, please submit an error report on the BASE web site. I'll describe what I did, to clarify: First I dropped the database and then created and initialized it again, to make sure the users really did not exist (and password caching was always off, I just checked that). Me and another user tested the POP3 Authenticator with our POP3 passwords and it worked and created our accounts on Base. Then I asked another user to test it and it didn't work. When he used his correct password, he got a message with a Java Exception, but when I asked him to try a wrong password he just got the normal authentication failure message. We noticed that the first two users, who had logged in successfully, had Unix accounts on the server, and the third didn't, so I created a user for him. I first used the useradd command, which does not create the home directory, and he still couldn't log in, but then I used adduser, created a home dir for him and he could log in to Base, and his account was created on the Base database. I'll submit the report on the Base web site. A final note. If you want the manual control, then I don't see the need for using external authentication. The reason I want external authentication is just so users can have a central password and use it for different services (admittedly, that can be bad for security if one account gets compromised). The manual control would be just like a checkbox saying which users that exist in the Institute's database can use Base. I could do it with an external system, but I would have to program that, and it is not essential for me. - Paulo /Nicklas Thanks, Paulo - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ The BASE general discussion mailing list basedb-users@lists.sourceforge.net unsubscribe: send a mail with subject unsubscribe to [EMAIL PROTECTED] - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ The BASE general discussion mailing list basedb-users@lists.sourceforge.net unsubscribe: send a mail with subject unsubscribe to [EMAIL PROTECTED] - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ The BASE general discussion mailing list basedb-users@lists.sourceforge.net unsubscribe: send a mail with subject unsubscribe to [EMAIL PROTECTED]
Re: [base] External authentication and local users
On Wednesday 01 October 2008 17:30, Nicklas Nordborg wrote: I am testing external authentication using the POP3Authenticator and users can only log in if they have an account and home directory on the server. Is this normal? It is not a big nuisance, because it has the advantage of giving me more control on who can use Base, but it seemed a bit odd. This is a bit odd. If the authentication server (in this case, the POP server) says that the user/password is ok, BASE should automatically create a new account. If this doesn't work, please submit an error report on the BASE web site. I'll describe what I did, to clarify: First I dropped the database and then created and initialized it again, to make sure the users really did not exist (and password caching was always off, I just checked that). Me and another user tested the POP3 Authenticator with our POP3 passwords and it worked and created our accounts on Base. Then I asked another user to test it and it didn't work. When he used his correct password, he got a message with a Java Exception, but when I asked him to try a wrong password he just got the normal authentication failure message. We noticed that the first two users, who had logged in successfully, had Unix accounts on the server, and the third didn't, so I created a user for him. I first used the useradd command, which does not create the home directory, and he still couldn't log in, but then I used adduser, created a home dir for him and he could log in to Base, and his account was created on the Base database. I'll submit the report on the Base web site. Never mind. This has nothing to do with BASE. It's your POP server that requires a Unix user account and stuff that goes with it. A final note. If you want the manual control, then I don't see the need for using external authentication. The reason I want external authentication is just so users can have a central password and use it for different services (admittedly, that can be bad for security if one account gets compromised). The manual control would be just like a checkbox saying which users that exist in the Institute's database can use Base. I could do it with an external system, but I would have to program that, and it is not essential for me. If you use an external system, the control of who may and may not login to BASE is to 99% controlled by the external system. The last 1% is the BASE root user account which always uses the internal system. /Nicklas - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ The BASE general discussion mailing list basedb-users@lists.sourceforge.net unsubscribe: send a mail with subject unsubscribe to [EMAIL PROTECTED]
