XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. XOOPS general usage questions 
  4.  / Login users using NIS server
Register
1
user999
Login users using NIS server

  • 2004/8/11 5:46

  • user999

  • Just popping in

  • Posts: 28

  • Since: 2004/3/12


Hello,

My email webserver uses NIS(http://www.linux-nis.org/) to store the username and password. I would like to connect to NIS to retrieve the username and password and autologin those users to the XOOPS website. All these users will then have access to all modules and also be able to post in the forums.

Is this possible? If so, what files do I need to edit to do this?

I do not know Php, so I am not sure where to begin. Please help.

Thanks in advance.
2
mercibe
Re: Login users using NIS server

  • 2004/8/11 8:16

  • mercibe

  • Just popping in

  • Posts: 55

  • Since: 2003/6/12


Hi,

I have never worked with NIS, but in theory you shoud be able to develop a new Authentication module for NIS. The Authentication Service is a hack that will be included very soon in the XOOPS kernel (https://xoops.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=19401&forum=14).

If have already achieved more or less the same "single sign on" and strong password policy with CAS (Yale University).

The question for which I do not have an answer today is how to check the session or login/password of a NIS user. I found something interesting in the Mantis source code.


    # Mantis - a php based bugtracking system
    # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
    # Copyright (C) 2002 - 2004  Mantis Team   - mantisbt-dev@lists.sourceforge.net
    # This program is distributed under the terms and conditions of the GPL
    # See the README and LICENSE files for details

    # --------------------------------------------------------
    # $Id: nis_api.php,v 1.2 2004/07/05 16:50:30 ghenshaw Exp $
    # --------------------------------------------------------

    ###########################################################################
    # NIS API
    ###########################################################################
    
    # --------------------
    # Attempt to authenticate the user against the NIS directory
    #  return true on successful authentication, false otherwise
    # this really belongs in a separate module, but this is convenient
    function nis_authenticate$p_user_id$p_password ) {
        $t_authenticated false;
        $t_username         user_get_field$p_user_id'username' );
        $t_domain_list config_get'nis_domains'yp_get_default_domain() );
        $t_domain_arr split','$t_domain_list );
        foreach ($t_domain_arr as $t_domain) {
            $t_entry = @yp_match($t_domain"passwd.byname"$t_username);
            // echo "

" . $t_username."/" . $p_password . " matched entry is: " . $t_entry;
            if($t_entry){
                list($user,$t_pass,$uid,$gid,$gecos,$home,$shell) = explode(":"$t_entry);
                // echo " 

salt = ".substr($t_pass, 0, 2);
                if($t_pass == crypt($p_passwordsubstr($t_pass02))){
                    // echo "

password matched";
                    $t_authenticated true;
                }else{
                    // echo "

password failed";
                }
            }else{
                // echo "

match failed";
            }
        }

        return $t_authenticated;
    }
    
?>



I suggest you clone the ldap authentication module (/include/authenticationservice/ldap.php) and simply replace/adapt the authentication code with this one. It should be rather easy to make it run. To get these functions (yp_*) to work, you have to configure PHP with --enable-yp

I hope this will help.

Please give us some feedback: a new working NIS module for XOOPS would be nice to have !

Best regards,

Benoit

3
user999
Re: Login users using NIS server

  • 2004/8/13 3:31

  • user999

  • Just popping in

  • Posts: 28

  • Since: 2004/3/12


Hi Mercibe,

Thanks for your reply. I have looked at the ldap authentication code but can't figure out how to adapt it to NIS. As I mentioned earlier, I am pretty new to php. I would appreciate it very much if you could help me modify the code, since you have successfully implemented the ldap connection.

Also, the purpose I would like to connect to a NIS server is to allow these users to login using their email username and password. Would modifying the authentication script also automatically enable the users to post articles on the forum? Or do I need to modify other files too to enable this?

I need to set this up soon, so any help would be greatly appreciated.
4
mercibe
Re: Login users using NIS server

  • 2004/8/13 5:19

  • mercibe

  • Just popping in

  • Posts: 55

  • Since: 2003/6/12


Hi,

If you are successfuly implementing the NIS authentication through a new "nis" module for the Authentication Service, you can let your users using the same login/password that they used to use with NIS enabled applications.

Unfortunately I do not have a NIS infrastructure available neither at home nor at work. The best I could try to do is to provide you with a version developped in a "blind" way without any possibility to test it and without any experience with NIS...

Does anybody out there have an experience with NIS authentication and have some PHP experience ?

If I can find some time today (GMT+1), I will try to provide you with something but it is a difficult exercice

Best regards,

Benoit
5
user999
Re: Login users using NIS server

  • 2004/8/13 5:37

  • user999

  • Just popping in

  • Posts: 28

  • Since: 2004/3/12


Hi Mercibe,

Extremely grateful to you for working on this issue. I can understand the time and skill required here. I would have given you the testing server address but unfortunately I am working on an intranet. You could send me the script though and I could test it locally.

I would also like to invite any experienced php coders or anyone else who may have successfully implemented NIS authentication with XOOPS to give us some pointers.

Thanks again for your help.

Best regards
6
mercibe
Re: Login users using NIS server

  • 2004/8/13 11:17

  • mercibe

  • Just popping in

  • Posts: 55

  • Since: 2003/6/12


Done and ... tested (On a Debian box with XOOPS 2.0.6) ! Thanks to you I learned NIS and was successful in installing a master server, a slave and a client. I seems to me a very insecure way to authenticate users, but I am a difficult man to satisfy

You can download a first beta version of a NIS authentication module: http://sourceforge.net/tracker/download.php?group_id=41586&atid=430842&file_id=97570&aid=945237

Steps to start using it:
- apply the Pluggable Authentication Hack (https://xoops.org/modules/newbb/viewtopic.php?forum=14&topic_id=19401)
- test it with default XOOPS module
- download nis.php (http://sourceforge.net/tracker/download.php?group_id=41586&atid=430842&file_id=97570&aid=945237) and copy under /include/authenticationservices
- adapt the parameters in nis.php (nis domain name, the salt and the way to get mail address for your users - optional)
- modify mainfile.php to use nis instead of XOOPS module for authenticating users.
- test...

No time to polish now but it WORKS. I commented some debug code. Feel free to uncomment in case of trouble

Regards,

Benoit


7
user999
Re: Login users using NIS server

  • 2004/8/17 1:42

  • user999

  • Just popping in

  • Posts: 28

  • Since: 2004/3/12


Hi mercibe,

Sorry for not replying soon to your email. I have been trying to get this script to work on my system. My server administrator needs to configure the php to enable yp. He says it takes time. So, I am still stuck.

My administrator was suggesting if we could use PAM (http://www.kernel.org/pub/linux/libs/pam/index.html) instead. Is it possible to modify nis.php to use PAM instead? Is the installation process same too?

Please give me some advise, as to whether using PAM is more secure and quick way of authenticating the users.

Also, thanks for taking time to write the NIS script. I definately want to set this up on my site soon.

Best regards
user999
8
user999
Re: Login users using NIS server

  • 2004/8/17 3:11

  • user999

  • Just popping in

  • Posts: 28

  • Since: 2004/3/12


Hi again,

Just a question? We have a IMAP account to access our emails. Is it possible to modify the login script to use the IMAP username account and password? I would like all our email users to also have access to our forum without having to create a new login and password.

Has anyone successfully implemented this? I would really appreaciate some help.

Best regards
9
mercibe
Re: Login users using NIS server

  • 2004/8/17 7:19

  • mercibe

  • Just popping in

  • Posts: 55

  • Since: 2003/6/12


Hi,

This is exactly the goal of the NIS login module ! The goal of the Authentication Service hack is to externalise the authentication process. Your users has simply to use their NIS login/password to login to XOOPS once this module has been enabled. If the user connects for the first time a XOOPS user account will be automatically created based on the information find via NIS: username, full name (gecos info), etc. The only missing part right now is the mail address. If the mail address can be derived from either the username or the gecos, it is trivial to implement.

With the NIS and LDAP module you can even allow pure XOOPS users and NIS/LDAP users to loging to your XOOPS site.

Best regards,

Benoit


10
user999
Re: Login users using NIS server

  • 2004/8/17 7:30

  • user999

  • Just popping in

  • Posts: 28

  • Since: 2004/3/12


Hi mercibe,

I come across another issue. My systems adminstrator would like to authenticate at the PAM level instead of NIS. Seems it more secure that way. Have you tried to implement this? What modifications must I do to get this to work?

Thanks very much for all your prompt replies. Being a beginner I am not sure how to resolve this issue.

Best regards
Sunita
(1) 2 3 »

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

164 user(s) are online (93 user(s) are browsing Support Forums)

Members: 0

Guests: 164

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jan 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits