powered by Jive Software

Who''s ready to test native authentication (PAM, Win32)?

The NativeAuthProvider and associated UserManager is now in SVN and should be fully functional in the next nightly build. I’'m looking for people to help test this new feature out.

Thanks!

-Matt


From the Javadocs, which describes how to get setup:

Authenticates using the native operating system authentication method. On Windows, this means Win32 authentication; on Unix/Linux, PAM authentication. New user accounts will be created automatically as needed.

Authentication is handled using the Shaj library. In order for this provider to work, the appropriate native library must be loaded. The appropriate native library must be manually moved from the resources/nativeAuth directory to the lib directory.

To enable this provider, set the following in the XML configuration file:

[/pre]

The properties to configure the provider are as follows:

nativeAuth.domain – on Windows, the domain to use for authentication. If the value is not set, the machine’'s default domain will be used or standard OS auth will be used if the machine is not part of a domain. On Unix/Linux, this value specifies the PAM module to use for authentication. If the value is not set, the PAM module “other” will be used.

For more information about configuring the domain value and other aspects of Shaj, please see: http://opensource.cenqua.com/shaj/doc.html.

BTW, I have no idea why there are “;” charactes in the XML snippet above. Please delete them after copying and pasting.

-Matt

Windows domain (server windows XP)

  1. After setup could not login as admin afterwards. Had to skip admin page aswell during setup. Is this because there must be a matching admin account in the domain? If so it may be a bit of a restriction. Is it possible to change the “admin” account user name?

  2. I tried to register a new account via Gaim using my domain name/pwd. Account registration failed. I was able to login afterwards however so NativeAuth is definitely working.

BTW I did not set a domain, I used the default.

  1. I also created the attached unit test, feel free to reuse or put in to SVN. Useful to verify setup.

NativeAuth (via Shaj) on windows domain is working.

Conor.

matt

I am interested in it and will be testing it later as I am still working on other part of the messenger

Thx,

wmhtet

This is excellent news!

Unfortunately I don’'t have a test server to check this out on!

  1. After setup could not login as admin afterwards.

Had to skip admin page aswell during setup. Is this

because there must be a matching admin account in the

domain? If so it may be a bit of a restriction. Is it

possible to change the “admin” account user name?

Yeah, I really want to add intelligence around different authentication modes (especially LDAP) to the setup tool. You should get to choose the username/usernames that will be an admin if not using the default provider. At the moment, it’'s best to go through setup and then change the providers.

  1. I tried to register a new account via Gaim using

my domain name/pwd. Account registration failed.

Yep, expected behavior.

I was able to login afterwards however so NativeAuth is

definitely working.

Did you try logging in with user accounts that don’'t exist and bad passwords? On My WinXP box, it basically let me log in no matter what username/password I entered.

  1. I also created the attached unit test, feel free

to reuse or put in to SVN. Useful to verify setup.

Thanks, I’'ll check it out.

-Matt

Did you try logging in with user accounts that don’'t

exist and bad passwords? On My WinXP box, it

basically let me log in no matter what

username/password I entered.

Yes I also tested it using combinations of invalid usernames and passwords. This threw the expected NotAuthorized exceptions. In no case did it authenticate incorrectly.

Conor.

Is there a way to configure this to only allow a certain group or groups to authenticate? How stable is it? Is it a better solution for me to use than LDAP? I’'m on a Windows 2000 domain with Active Directory.

Nathan

Nathan,

If you’'re using Active Directory, I would recommend using the LDAP auth module, but configure it with a filter to only allow certain users to authenticate.

Regards,

Matt

Thanks. That is what I am using.

Nathan