
Xlock authentication through enterprise directory servers

Hi - I am trying to understand if XLock can be used in an enterprise model on RedHat9.
Basically, use xlock to lock the screen and when a user enters a "login" & "password" to unlock the screen, the authentication is through some enterprise directory server such as Novell, Microsoft Active Directory etc.

Since Xlock can use Kerberos for authentication, should we just configure Kerberos to point at the enterprise server and xlock will start authenticating that way?

Can someone provide more information if they have knowledge in this area or if they have implemented something similar.

Many thanks.
Asked: menong120699
1 Solution
 
jlevie Commented:
Xlock uses the system authentication for username/password. So if you configure the system to authenticate against an external source you'll have solved the xlock issue.
 
Alf666 Commented:
Hem... Sorry Jlevie, but you don't have to configure the whole system to authenticate another way.

PAM is really modular, and you can configure /etc/pam.d/xlock (or xscreensaver) to authenticate against what you want.

This could be useful if the screensaver protects something other than a full user unix account, like a specific application.
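
An added illustration of the per-service PAM configuration described in the comment above (not part of the original thread, and not a file shipped by xlock or Red Hat): an /etc/pam.d/xlock that checks the unlock password against a Kerberos KDC, such as an Active Directory domain controller, and falls back to the local password database. It assumes xlock was built with PAM support, that the pam_krb5 module is installed, and that /etc/krb5.conf already names the realm and KDC; it changes only how the password is verified, not which user xlock allows to unlock.

```conf
#%PAM-1.0
# /etc/pam.d/xlock: applies to xlock only; login, sshd and other services
# keep their own stacks under /etc/pam.d/.

# 1. Try Kerberos first. "sufficient" means a successful KDC check ends the
#    auth stack with success; a failure falls through to the next line.
auth       sufficient   pam_krb5.so

# 2. Fall back to the local password database (for root, or when the KDC is
#    unreachable). try_first_pass reuses the password already typed instead
#    of prompting again. "required" makes a failure here fail the unlock.
#    nullok is deliberately omitted so empty passwords are rejected.
auth       required     pam_unix.so try_first_pass

# 3. Account checks (expiry, locked account) against the local/NSS entry.
account    required     pam_unix.so
```

Keep a root shell open on another console while testing, since a mistake in this file can leave the display impossible to unlock.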
 
menong120699 (Author) Commented:
Thanks jlevie and Alf666. I suppose I am now headed in the right direction and there seems to be a possibility to enable enterprise level authentication. Once again, if I modify /etc/pam.d/xlock so that it now authenticates using Kerberos against an enterprise directory server and not the system, will that be possible?

I believe xlock will look for the last user who locked the system and will only allow him/her to log back in. What I want is:

User A locks the system
User B wants to unlock the system so he enters his login ("user B") and passwd
User B is on the network directory server
Once User B is authenticated through Kerberos, he will be allowed onto the system with the apps from "User A" still running.

So basically, User B will be authenticated via an enterprise directory server and will be able to unlock the system. How can this be implemented, and which files would I need to modify to get this authentication working through Kerberos on an Enterprise Directory Server?

Thanks a lot !

 
jlevie Commented:
I don't think that you'll be able to do that. When xlock is run only the user whose login session started xlock or root can unlock the display.
 
menong120699 (Author) Commented:
Are there any pointers you can give me to write something similar to x-lock that will enable enterprise authentication and features such as any valid user logging in, other than the current feature which allows only the user who locked the system or root to unlock?

Any resources I can start with? I am trying to understand how Xlock locks down the display, what calls to make and stuff. I am not sure if there is a good book that explains all this?

Please advise.
I'll grant you the points. Thanks !
 
jlevie Commented:
You could modify xlock to do this type of authentication. I can't say how difficult that would be since I haven't looked at the xlock sources in years, but I'm sure it would be easier to modify it than to write something from scratch. In essence the modification would be to give all users the rights within xlock that root has.