Solved

Xlock authentication through enterprise directory servers

Posted on 2004-04-20
Last Modified: 2010-04-22

Hi - I am trying to understand if XLock can be used in an enterprise model on RedHat9.
Basically, use xlock to lock the screen and when a user enters a "login" & "password" to unlock the screen, the authentication is through some enterprise directory server such as Novell, Microsoft Active Directory etc.

Since Xlock can use Kerberos for authentication, should we just configure Kerberos to point at the enterprise server and xlock will start authenticating that way?

Can someone provide more information if they have knowledge in this area or if they have implemented something similar?

Many thanks.
0
Question by:menong120699
6 Comments
 
LVL 40

Expert Comment

by:jlevie
Xlock uses the system authentication for username/password. So if you configure the system to authenticate against an external source you'll have solved the xlock issue.
0
 
LVL 9

Expert Comment

by:Alf666
Hem... Sorry Jlevie, but you don't have to configure the whole system to authenticate another way.

PAM is really modular, and you can configure /etc/pam.d/xlock (or xscreensaver) to authenticate against what you want.

This could be useful if the screensaver protects something other than a full user Unix account, like a specific application.
0
 

Author Comment

by:menong120699
Thanks jlevie and Alf666. I suppose I am now headed in the right direction and there seems to be a possibility to enable enterprise level authentication. Once again, if I modify /etc/pam.d/xlock so that it now authenticates using Kerberos against an enterprise directory server and not the system, will that be possible?

I believe xlock will look for the last user who locked the system and will only allow him/her to log back in. What I want is:

User A locks the system
User B wants to unlock the system so he enters his login ("user B") and passwd
User B is on the network directory server
Once User B is authenticated through Kerberos, he will be allowed onto the system with the apps from "User A" still running.

So basically, User B will be authenticated via an enterprise directory server and will be able to unlock the system. How can this be implemented and which files would I need to modify to get this authentication working through Kerberos on an Enterprise Directory Server?

Thanks a lot!
0

 
LVL 40

Accepted Solution

by:
jlevie earned 75 total points
I don't think that you'll be able to do that. When xlock is run only the user whose login session started xlock or root can unlock the display.
0
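The part PAM can handle, as an added example that is not from any poster in this thread: a stack scoped to the xlock service, as described above, that checks the locking user's password against a Kerberos realm first and falls back to local files. It assumes xlock was built with PAM support and pam_krb5 is installed; the realm and host names are placeholders.

```conf
# ===== /etc/pam.d/xlock (only the screen locker uses this stack) =====
#%PAM-1.0
# Try Kerberos first: a successful KDC check unlocks without
# consulting the local password files.
auth     sufficient   pam_krb5.so
# Fallback so root and local accounts can still unlock when the KDC
# is unreachable; try_first_pass reuses the password already typed.
auth     required     pam_unix.so try_first_pass
# Account checks, if the locker requests them, stay local.
account  required     pam_unix.so

# ===== /etc/krb5.conf (realm and host names are placeholders) =====
[libdefaults]
    default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
        admin_server = kdc.example.com
    }

[domain_realm]
    .example.com = EXAMPLE.COM
    example.com = EXAMPLE.COM
```

This only changes how the password is verified; xlock's own rule that the locking user or root must unlock is unaffected. A host keytab on the workstation lets pam_krb5 validate that the ticket really came from the realm's KDC.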
 

Author Comment

by:menong120699
Any pointers you can give me to write something similar to x-lock that will enable enterprise authentication and features such as any valid user logging in other than the current feature which allows only the user who locked the system or root to unlock.

Any resources I can start with? I am trying to understand how Xlock locks down the display, what calls to make and stuff. I am not sure if there is a good book that explains all this?

Please advise.
I'll grant you the points. Thanks!
0
 
LVL 40

Expert Comment

by:jlevie
You could modify xlock to do this type of authentication. I can't say how difficult that would be since I haven't looked at the xlock sources in years, but I'm sure it would be easier to modify it than to write something from scratch. In essence the modification would be to give all users the rights within xlock that root has.
0
