webNIS Generic Authentication Tool
by The ITLab
[Figure: webNIS data flow]
Description
Intro: webNIS is a pretty cool and simple authentication mechanism. It provides a server, or inetd service, which simply takes in a login and a password and responds with the user's real name (as listed in the gecos records), or with nothing in case of failure.
Implementation: Clients exist for Windows, MacOS, and of course all *NIX variants.
Why webNIS? Well, mainly for use in situations where you want to authenticate via NIS, or some remote user database, but can't become a trusted host. Perhaps you just want to use another machine's user base for authentication. Whatever your needs may be, if they involve authentication with a remote Unix box, then this is for you.
Do people actually care? While our statisticians are still working on this question, we have some pretty compelling evidence. Just check out the ITLab Toolbox. Pretty wild stuff, huh?
News
20031106: Latest release. Version 1.3 has improvements. Still needs a proper readme, changelog, and version reporting.
20030407: Version 1.2. This release contains a new authClient_ldap that communicates with an LDAP server over SSL. See the included readme for more details.
Download
*NIX, Linux, and Windows source: Everything you need. The win/ subdirectory contains sources to compile under Windows, as well as a precompiled binary.
Instructions
The Server:
Users: Beg, plead, and bribe the sysadmin of the machine you want to authenticate against to compile and install authd-inetd.c. As the name suggests, it's meant to be installed as an inetd service.
Sysadmins: Listen to your users. This can greatly ease your burdens. Or so it seems around here.
The Client: This is the nice and easy part. Just compile authClient.c, or run authClient.tcl. It's pretty simple stuff.
  • gcc authClient.c -o authClient
  • authClient host port username password
The LDAP: Compile authClient_ldap.c to use against an LDAP server. See the instructions; they're either in a readme file or in the C file itself. Look in the C file: you have to set the conf file and the LDAP DNs.
Neato Mosquito
Does it ever end? Apparently not, since I went ahead and created mod_auth_any. It's an Apache Module that will let you incorporate any random command line authentication program into Apache webserver security. I've even received threatening line noise from members of the Apache Consortium.
Disclaimer
Is this HaX0r proof? I was good about using bounded string operation functions, snprintf(), strncmp() and the like. If you're l33t then I'm sure you can overflow the TCP/IP stack, and throw a pointer to remote display glade, which you can use to design an xterm, with root privileges.
Regarding HaX0rs: I think all the scriptkiddies out there can take a running jump.
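The bounded string handling mentioned above, applied to the request and reply described in the Intro, as an added example that is not taken from the webNIS sources. The one-line "login password" request format, FIELD_MAX and all function names are assumptions; the page does not specify the wire format.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64  /* assumed limit for login, password and name buffers */

/* Copy src[0..n) into dst; fail on empty or oversized input, never truncate. */
static int copy_field(char *dst, size_t dstlen, const char *src, size_t n)
{
    int w = snprintf(dst, dstlen, "%.*s", (int)n, src);
    return (w < 0 || (size_t)w >= dstlen || n == 0) ? -1 : 0;
}

/* Split an assumed "login password\n" request line into two bounded fields.
 * Returns 0 on success, -1 on a malformed or oversized request. */
int parse_request(const char *line, char *login, char *pass, size_t buflen)
{
    size_t len = strcspn(line, "\r\n");
    const char *sp = memchr(line, ' ', len);
    if (sp == NULL)
        return -1;
    if (copy_field(login, buflen, line, (size_t)(sp - line)) != 0)
        return -1;
    return copy_field(pass, buflen, sp + 1, len - (size_t)(sp - line) - 1);
}

/* The reply is the user's real name: the GECOS text before the first comma. */
int gecos_real_name(const char *gecos, char *out, size_t outlen)
{
    return copy_field(out, outlen, gecos, strcspn(gecos, ","));
}

/* Exact login match: comparing only strlen(input) bytes with strncmp()
 * would let "al" match the account "alice". */
int login_equals(const char *input, const char *account)
{
    size_t n = strlen(account);
    return strlen(input) == n && strncmp(input, account, n) == 0;
}

int main(void)
{
    char login[FIELD_MAX], pass[FIELD_MAX], name[FIELD_MAX];
    /* Constructed request and GECOS field, not captured from a real server. */
    if (parse_request("alice s3cret\n", login, pass, sizeof login) == 0 &&
        login_equals(login, "alice") &&
        gecos_real_name("Alice Example,Room 12,555-0100", name, sizeof name) == 0)
        printf("%s\n", name);
    return 0;
}
```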
Brought to you by the friendly folks at the ITLab. The "I" in most of this page is probably Nafees. The current maintainer is Satya.