17
Hi,
I have never worked with NIS, but in theory you shoud be able to develop a new Authentication module for NIS. The Authentication Service is a hack that will be included very soon in the XOOPS kernel (https://xoops.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=19401&forum=14).
If have already achieved more or less the same "single sign on" and strong password policy with CAS (Yale University).
The question for which I do not have an answer today is how to check the session or login/password of a NIS user. I found something interesting in the Mantis source code.
<?php
# Mantis - a php based bugtracking system
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2004 Mantis Team - mantisbt-dev@lists.sourceforge.net
# This program is distributed under the terms and conditions of the GPL
# See the README and LICENSE files for details
# --------------------------------------------------------
# $Id: nis_api.php,v 1.2 2004/07/05 16:50:30 ghenshaw Exp $
# --------------------------------------------------------
###########################################################################
# NIS API
###########################################################################
# --------------------
# Attempt to authenticate the user against the NIS directory
# return true on successful authentication, false otherwise
# this really belongs in a separate module, but this is convenient
function nis_authenticate( $p_user_id, $p_password ) {
$t_authenticated = false;
$t_username = user_get_field( $p_user_id, 'username' );
$t_domain_list = config_get( 'nis_domains', yp_get_default_domain() );
$t_domain_arr = split( ',', $t_domain_list );
foreach ($t_domain_arr as $t_domain) {
$t_entry = @yp_match($t_domain, "passwd.byname", $t_username);
// echo "<p>" . $t_username."/" . $p_password . " matched entry is: " . $t_entry;
if($t_entry){
list($user,$t_pass,$uid,$gid,$gecos,$home,$shell) = explode(":", $t_entry);
// echo " <p>salt = ".substr($t_pass, 0, 2);
if($t_pass == crypt($p_password, substr($t_pass, 0, 2))){
// echo "<p>password matched";
$t_authenticated = true;
}else{
// echo "<p>password failed";
}
}else{
// echo "<p>match failed";
}
}
return $t_authenticated;
}
?>
I suggest you clone the ldap authentication module (/include/authenticationservice/ldap.php) and simply replace/adapt the authentication code with this one. It should be rather easy to make it run. To get these functions (yp_*) to work, you have to configure PHP with --enable-yp
I hope this will help.
Please give us some feedback: a new working NIS module for XOOPS would be nice to have !
Best regards,
Benoit