CJ Keist wrote:
Bob,
Thanks for the reply. This is the situation that has come down the pipes. We have Sun kiosk stations around campus set up as open with just a web browser running. They now want to authenticate users before giving them a kiosk session. This is to cut down the number of non-student types camping out at the kiosk stations. The problem I have is all central user accounts here are stored in Windows AD. The central IT folks will not touch AD. So no NIS UNIX extensions, and no third-party app to sync AD with a UNIX LDAP server. So the only option I have is a web auth tool the central IT folks have for me to use. Hence why I was asking if AMGH could get password info. Is there a way to invoke an AMGH-style redirect to a DTU from, say, my own little Java app that could be run in the kiosk session? My Java app would prompt for the user name and password, and then I can use the web auth tools to authenticate and then redirect to a kiosk server if pass, or a more internet-restricted kiosk server if not.

There are a couple of ways you could go with this. I'd think that the best would be to call pam_authenticate from some JNI code inside of your Java app, *after* authenticating with AD. Create your own custom PAM stack/service in /etc/pam.conf (or pam.d if this is Linux) that simply has pam_sunray_amgh on the stack. I've never tried this, obviously, but I *think* it should work :). It'll probably have a side effect of blowing away the session running your Java app when done, but that may be what you want anyway. I'd love to hear if this works for you.

The other course is to roll your own. It's not that hard to write your own code to look up the smartcard->user->host mappings and then just call utswitch.

-Bob




Bob Doolittle wrote:
CJ Keist wrote:
Is it possible to get the user password with AMGH? Right now it looks like AMGH scripts get called when you have the user name but no password info. Is there a way to get user password info using AMGH?

No. That seems like a very bad idea from a security POV. You might almost as well use Kiosk mode, or disable passwords.

-Bob

_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
