Authentication Install

Maverick has a number of services which require authentication. This page is a quick guide on how to set it up.


Installation Instructions

Authentication under maverick is curently done using the JAAS architecture. This is very simliar in principal to the PAM under linux/unix systems. Typically a module is installed so that authentication can be achieved in a user defined way.

Following is a list of some alternatives for setting up authentication. Please choose one suitable for your environment.

  1. File http://free.tagish.net/jaas/

    Download the latest version of the JAAS module, unzip and extract the tagishauth.jar file and copy into maverick/lib directory. Now need to create a password file. This is in the format:

        <user name>:<md5 hash>
        

    To create a password hash for the file run:

        RUN com.tagish.auth.tools.Password <mypassword>
        

    This will ouput the md5 hash needed for the file. Copy this hash into the password file with the username. Add as many users as needed by repeating this step.

    Now need to tell maverick to use the password file to authenticate. Create a jaas.config that looks like this:

            MaVerick {
                com.tagish.auth.FileLogin required debug=true pwdFile="< location of password file>"
            };
            

    See maverick/etc/ssh/jaas.config.file for an example

  2. Windows NT Login http://free.tagish.net/jaas/

    Download the latest version of the JAAS module, unzip and extract the tagishauth.jar file and copy into maverick/lib directory. Also extract the NTSystem.dll, this needs to be placed in the java executable path somewhere(under windows this is PATH environment variable or the java java.library.path define).

    Now need to tell maverick to use the windows to authenticate. Create a jaas.config that looks like this:

            MaVerick {
                com.tagish.auth.win32.NTSystemLogin required returnNames=true returnSIDS=false defaultDomain="MYDOMAIN"
            };
            

    See maverick/etc/ssh/jaas.config.ntlogin for an example

  3. PAM http://jpam.sourceforge.net/

    This module interfaces to the linux/unix PAM architecture. First download the latest from the website above and extract JPam-X.XX.jar from the archive and copy into the maverick/lib directory. Also copy library libjpam.so and put it somewhere in the java executable path (under linux or unix this is the LD_LIBRARY_PATH environment variable or the java java.library.path define). Finally from the archive copy net-sf-pam into the /etc/pam.d directory, customise this file if necessary.

    Now need to tell maverick to use the windows to authenticate. Create a jaas.config that looks like this:

            MaVerick {
                net.sf.jpam.jaas.JPamLoginModule required serviceName="net-sf-jpam"
            };
            

    See maverick/etc/ssh/jaas.config.jpam for an example

  4. LDAP

    This one is already built into java and allows authentication via a LDAP server.

            MaVerick {
                com.sun.security.auth.module.JndiLoginModule required
                    debug=true
                    user.provider.url="ldap://ldapserver.example.com:389/ou=People,dc=example,dc=com"
                    group.provider.url="ldap://ldapserver.example.com:389/ou=Group,dc=example,dc=com"
            };
            

    See etc/ssh/jaas.config.jndi for example config

  5. Active Directory

    This one is already built into java and allows authentication via a Kerboros server.

            MaVerick {
                com.sun.security.auth.module.Krb5LoginModule required
                    debug=true
                    useTicketCache=false
            };
            

    Probably will also need to set the following values in the java runtime:

            java.security.krb5.kdc=<kerboros domain controller>
            java.security.krb5.realm=<kerboros realm>
            

Robert.Colquhoun@gmail.com