Solved

Xlock authentication through enterprise directory servers

Posted on 2004-04-20
Last Modified: 2010-04-22

Hi - I am trying to understand if XLock can be used in an enterprise model on RedHat9.
Basically, use xlock to lock the screen and when a user enters a "login" & "password" to unlock the screen, the authentication is through some enterprise directory server such as Novell, Microsoft Active Directory etc.

Since Xlock can use Kerberos for authentication, should we just configure kerberos to point at the enterprise server and xlock will start authenticating that way?

Can someone provide more information if they have knowledge in this area or if they have implemented something similar?

Many thanks.
0
Question by:menong120699
6 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 10871043
Xlock uses the system authentication for username/password. So if you configure the system to authenticate against an external source you'll have solved the xlock issue.
0
 
LVL 9

Expert Comment

by:Alf666
ID: 10872777
Hem... Sorry Jlevie, but you don't have to configure the whole system to authenticate another way.

PAM is really modular, and you can configure /etc/pam.d/xlock (or xscreensaver) to authenticate against what you want.

This could be useful if the screensaver protects something other than a full user unix account, like a specific application.
0
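
The per-service PAM setup Alf666 describes, as an added example that is not part of the original thread. It assumes an xlock binary built with PAM support, the pam_krb5 module installed, and /etc/krb5.conf already pointing at the directory's KDC; the stock line shown in the comment is the usual Red Hat convention of that era, not taken from this page.

```conf
# /etc/pam.d/xlock  (constructed example)
#
# System-wide approach (jlevie's comment): the service file defers to the
# shared system-auth stack, so xlock authenticates exactly as login does.
# Assumed stock form on Red Hat 9:
#
#   auth     required    pam_stack.so service=system-auth
#
# Per-service approach (Alf666's comment): only xlock consults Kerberos,
# the rest of the system keeps its existing authentication.

# Check the typed password against the Kerberos realm from /etc/krb5.conf.
# "sufficient" ends the auth stack as soon as the KDC accepts the password.
auth       sufficient  pam_krb5.so

# If Kerberos fails or is unreachable, fall back to the local password
# database, reusing the password already typed rather than prompting again.
# "required" means a failure here fails the unlock attempt.
auth       required    pam_unix.so use_first_pass
```

This changes only where the password is verified; it does not change which account xlock will accept when unlocking. For the Kerberos check to detect a spoofed KDC, the host needs its own key in /etc/krb5.keytab so pam_krb5 can validate the ticket it receives.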
 

Author Comment

by:menong120699
ID: 10872899
Thanks jlevie and Alf666. I suppose I am now headed in the right direction and there seems to be a possibility to enable enterprise level authentication. Once again, if I modify /etc/pam.d/xlock so that it now authenticates using Kerberos against an enterprise directory server and not the system, will that be possible?

I believe xlock will look for the last user who locked the system and will only allow him/her to log back in. What I want is:

User A locks the system
User B wants to unlock the system so he enters his login ("user B") and passwd
User B is on the network directory server
Once User B is authenticated through Kerberos, he will be allowed onto the system with the apps from "User A" still running.

So basically, User B will be authenticated via an enterprise directory server and will be able to unlock the system. How can this be implemented and which files would I need to modify to get this authentication working through kerberos on an Enterprise Directory Server?

Thanks a lot!
0
 
LVL 40

Accepted Solution

by:
jlevie earned 75 total points
ID: 10873000
I don't think that you'll be able to do that. When xlock is run only the user whose login session started xlock or root can unlock the display.
0
 

Author Comment

by:menong120699
ID: 10881879
Any pointers you can give me to write something similar to x-lock that will enable enterprise authentication and features such as any valid user logging in other than the current feature which allows only the user who locked the system or root to unlock?

Any resources I can start with? I am trying to understand how Xlock locks down the display, what calls to make and stuff. I am not sure if there is a good book that explains all this?

Please advise.
I'll grant you the points. Thanks!
0
 
LVL 40

Expert Comment

by:jlevie
ID: 10889228
You could modify xlock to do this type of authentication. I can't say how difficult that would be since I haven't looked at the xlock sources in years, but I'm sure it would be easier to modify it than to write something from scratch. In essence the modification would be to give all users the rights within xlock that root has.
0
