The NativeAuthProvider and associated UserManager is now in SVN and should be fully functional in the next nightly build. I’'m looking for people to help test this new feature out.
Thanks!
-Matt
From the Javadocs, which describes how to get setup:
Authenticates using the native operating system authentication method. On Windows, this means Win32 authentication; on Unix/Linux, PAM authentication. New user accounts will be created automatically as needed.
Authentication is handled using the Shaj library. In order for this provider to work, the appropriate native library must be loaded. The appropriate native library must be manually moved from the resources/nativeAuth directory to the lib directory.
To enable this provider, set the following in the XML configuration file:
[/pre]
The properties to configure the provider are as follows:
nativeAuth.domain – on Windows, the domain to use for authentication. If the value is not set, the machine’'s default domain will be used or standard OS auth will be used if the machine is not part of a domain. On Unix/Linux, this value specifies the PAM module to use for authentication. If the value is not set, the PAM module “other” will be used.
After setup could not login as admin afterwards. Had to skip admin page aswell during setup. Is this because there must be a matching admin account in the domain? If so it may be a bit of a restriction. Is it possible to change the “admin” account user name?
I tried to register a new account via Gaim using my domain name/pwd. Account registration failed. I was able to login afterwards however so NativeAuth is definitely working.
BTW I did not set a domain, I used the default.
I also created the attached unit test, feel free to reuse or put in to SVN. Useful to verify setup.
NativeAuth (via Shaj) on windows domain is working.
Had to skip admin page aswell during setup. Is this
because there must be a matching admin account in the
domain? If so it may be a bit of a restriction. Is it
possible to change the “admin” account user name?
Yeah, I really want to add intelligence around different authentication modes (especially LDAP) to the setup tool. You should get to choose the username/usernames that will be an admin if not using the default provider. At the moment, it’'s best to go through setup and then change the providers.
I tried to register a new account via Gaim using
my domain name/pwd. Account registration failed.
Yep, expected behavior.
I was able to login afterwards however so NativeAuth is
definitely working.
Did you try logging in with user accounts that don’'t exist and bad passwords? On My WinXP box, it basically let me log in no matter what username/password I entered.
I also created the attached unit test, feel free
to reuse or put in to SVN. Useful to verify setup.
Did you try logging in with user accounts that don’'t
exist and bad passwords? On My WinXP box, it
basically let me log in no matter what
username/password I entered.
Yes I also tested it using combinations of invalid usernames and passwords. This threw the expected NotAuthorized exceptions. In no case did it authenticate incorrectly.
Is there a way to configure this to only allow a certain group or groups to authenticate? How stable is it? Is it a better solution for me to use than LDAP? I’'m on a Windows 2000 domain with Active Directory.
If you’'re using Active Directory, I would recommend using the LDAP auth module, but configure it with a filter to only allow certain users to authenticate.