Solved

Xlock authentication through enterprise directory servers

Posted on 2004-04-20
Last Modified: 2010-04-22

Hi - I am trying to understand if XLock can be used in an enterprise model on RedHat9.
Basically, use xlock to lock the screen and when a user enters a "login" & "password" to unlock the screen, the authentication is through some enterprise directory server such as Novell, Microsoft Active Directory etc.

Since Xlock can use Kerberos for authentication, should we just configure Kerberos to point at the enterprise server and xlock will start authenticating that way?

Can someone provide more information if they have knowledge in this area or if they have implemented something similar?

Many thanks.
0
Question by:menong120699
6 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 10871043
Xlock uses the system authentication for username/password. So if you configure the system to authenticate against an external source you'll have solved the xlock issue.
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10872777
Hem... Sorry Jlevie, but you don't have to configure the whole system to authenticate another way.

PAM is really modular, and you can configure /etc/pam.d/xlock (or xscreensaver) to authenticate against what you want.

This could be useful if the screensaver protects something other than a full user Unix account, like a specific application.
0
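To illustrate the two approaches in the comments above (configure the whole system, or configure only the locker's PAM service file), here is an added example that is not part of the original thread: two constructed service files and a helper that reports where each one sends the unlock password. The file contents, the helper names `pam_auth_stack` and `auth_backend`, and the temporary paths are assumptions for illustration.

```shell
#!/bin/sh
# Added example: constructed PAM service files for a screen locker and a
# helper that reports where each one sends the unlock password.

# Print "control:module" for every auth line of a PAM service file, in order.
# Comments are skipped; bracketed controls ([success=1 ...]) are not handled.
pam_auth_stack() {
    awk '$1 == "auth" { n = split($3, p, "/"); print $2 ":" p[n] }' "$1"
}

# Classify the auth stack:
#   service-krb5  pam_krb5.so is named in the service file itself
#   system        the file defers to the shared system-auth stack
#   other         anything else
auth_backend() {
    if pam_auth_stack "$1" | grep -q ':pam_krb5\.so$'; then
        echo service-krb5
    elif grep -Eq '^auth[[:space:]].*pam_stack\.so[[:space:]]+service=system-auth' "$1"; then
        echo system
    else
        echo other
    fi
}

# Constructed sample 1: locker follows whatever the system is configured for.
write_system_sample() {
    cat > "$1" <<'EOF'
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
EOF
}

# Constructed sample 2: only the locker is pointed at Kerberos.
write_krb5_sample() {
    cat > "$1" <<'EOF'
#%PAM-1.0
auth       sufficient   pam_krb5.so
auth       required     pam_unix.so try_first_pass
account    required     pam_unix.so
EOF
}

tmp=$(mktemp -d)
write_system_sample "$tmp/xlock.system"
write_krb5_sample "$tmp/xlock.krb5"
for f in "$tmp"/xlock.*; do echo "${f##*/}: $(auth_backend "$f")"; done
rm -rf "$tmp"
```

Either layout only changes where the password is verified; which account is allowed to unlock the display is decided by the locker itself, as the accepted answer below explains.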
 

Author Comment

by:menong120699
ID: 10872899
Thanks jlevie and Alf666. I suppose I am now headed in the right direction and there seems to be a possibility to enable enterprise level authentication. Once again, if I modify /etc/pam.d/xlock so that it now authenticates using Kerberos against an enterprise directory server and not the system, will that be possible?

I believe xlock will look for the last user who locked the system and will only allow him/her to log back in. What I want is:

User A locks the system
User B wants to unlock the system so he enters his login ("user B") and passwd
User B is on the network directory server
Once User B is authenticated through Kerberos, he will be allowed onto the system with the apps from "User A" still running.

So basically, User B will be authenticated via an enterprise directory server and will be able to unlock the system. How can this be implemented and which files would I need to modify to get this authentication working through Kerberos on an Enterprise Directory Server?

Thanks a lot !
0
 
LVL 40

Accepted Solution

by:
jlevie earned 75 total points
ID: 10873000
I don't think that you'll be able to do that. When xlock is run only the user whose login session started xlock or root can unlock the display.
0
 

Author Comment

by:menong120699
ID: 10881879
Any pointers you can give me to write something similar to x-lock that will enable enterprise authentication and features such as any valid user logging in other than the current feature which allows only the user who locked the system or root to unlock.

Any resources I can start with? I am trying to understand how Xlock locks down the display, what calls to make and stuff. I am not sure if there is a good book that explains all this?

Please advise.
I'll grant you the points. Thanks !
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10889228
You could modify xlock to do this type of authentication. I can't say how difficult that would be since I haven't looked at the xlock sources in years, but I'm sure it would be easier to modify it than to write something from scratch. In essence the modification would be to give all users the rights within xlock that root has.
0
