Xlock authentication through enterprise directory servers

Xlock authentication through enterprise directory servers

Hi - I am trying to understand if XLock can be used in an enterprise model on RedHat9.
Basically, use xlock to lock the screen and when a user enters a "login" & "password" to unlock the screen, the authentication is through some enterprise directory server such as Novell, Microsoft Active Directory etc.

Since Xlock can use Kerberos for authentication, should we just configure kerberos to point at the enterprise server and xlock will start authenticating that way ?

Can someone provide more information if they have knowledge in this area or if they have implemented something similar.

Many thanks.
menong120699Asked:
Who is Participating?
 
jlevieConnect With a Mentor Commented:
I don't think that you'll be able to do that. When xlock is run only the user whose login session started xlock or root can unlock the display.
0
 
jlevieCommented:
Xlock uses the system authentication for username/password. So if you configure the system to authenticate against an external source you'll have solved the xlock issue.
0
 
Alf666Commented:
Hem... Sorry Jlevie, but you don't have to configure the whole system to authenticate another way.

PAM is really modular, and you can configure /etc/pam.d/xlock (or xscreensaver) to authenticate against what you want.

This could be usefull if the screensaver protects something else than a full user unix account like a specific application.
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
menong120699Author Commented:
Thanks jlevie and Alf666.. I suppose I am now headed in the right direction and there seems to be a possibility to enable enterprise level authentication. Once again, if I modify /etc/pam.d/xlock so that it now authenticates using Kerberos against an enterprise directory server and not the system, will that be possible ?

I believe xlock will look for the last user who locked the system and will only allow him/her to log back in. What I want is :

User A locks the system
User B wants to unlock the system so he enters his login ("user B") and passwd
User B is on the network directory server
Once User B is authenticated through Kerberos, he will be allowed onto the system with the apps from "User A" still running,.

So basically, User B will be authenticated via an entperise directory server and will be able to unlock the system, .. How can this be implemented and which files would I need to modify to get this authentication working through kerberos on an Enterprise Directory Server.

Thanks a lot !
0
 
menong120699Author Commented:
Any pointers you can give me to write something similar to x-lock that will enable enterprise authentication and features such as any valid user logging in other than the current feature which allows only the user who locked the system or root to unlock.

Any resources I can start with? I am trying to understand how Xlock locks down the display. what calls to make and stuff. I am not sure if there is a good book that explains all this ?

Please advise.
I'll grant you the points. Thanks !
0
 
jlevieCommented:
You could modify xlock to do this type of authentication. I can't say how difficult that would be since I haven't looked at the xlock sources in years, but I'm sure it would easier to modify it than to write something from scratch. In essence the modification would be to give all uses the rights within xlock that root has.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.