How to make it unsuccessful authentication ??

Hello List,

Can anybody let me know if there are anywayz that, after authorization, authentication can be stopped ??
In other words when a user logs on and he is being authorized and his entry is checked in the database but after that, is it possible to make it an unsuccessful authentication manually for a specific user ?

This I want to do, in order to suspend the user to log on for some time, temporarily.

Please throw some pointers in this direction !!!!

Thanks,
Jyotishmaan Ray
Moderator Of Paradise Groups
http://yahoogroups.com/group/Spirituality-Paradise
|
|
Re: How to make it unsuccessful authentication ??

Hi,

I always thought authorization came after authentication. But I guess I could be wrong :)

Prakash

On Apr 10, 2008, at 3:08 AM, Jyotishmaan Ray wrote:
> Hello List,
>
> Can anybody let me know if there are anywayz that, after
> authorization, authentication can be stopped ??
> In other words when a user logs on and he is being authorized and
> his entry is checked in the database but after that, is it possible
> to make it an unsuccessful authentication manually for a specific
> user ?
>
> This I want to do, in order to suspend the user to log on for some
> time, temporarily.
>
> Please throw some pointers in this direction !!!!
>
> Thanks,
> Jyotishmaan Ray

Prakash Velayutham
Programmer / Analyst
Cincinnati Children's Hospital Medical Center
|
|
Re: How to make it unsuccessful authentication ??

Yes, I am sure you are wrong, as per my knowledge and experience with OpenLDAP.

Please give some pointers on this: in what wayz can I make my request DN and not match with the entry stored in the database ?
|
|
|
Re: How to make it unsuccessful authentication ??

Perhaps I'm as confused as everyone else on this list.

Security is typically two-fold:
1) Authentication = the username exists in the system and the password matches
2) Authorization = the username is allowed to do what is being asked

In many systems Authentication is all that is needed to get in the 'front door'. Authorization is left for more detailed security measures.

For example:
Let's say we have a basic Webmail application. Bob enters his information into a 'login' screen. That information is then **Authenticated** against the Directory using LDAP. Let's say he entered the correct info. So now he's part way into the Webmail system. Now Webmail checks Bob's **Authorization** to see if it should show him links to things like 'Admin' and 'Edit Global Addressbook'. Since Bob is not Authorized for that level he doesn't see those options.

For a further elaboration on authentication vs. authorization:
http://en.wikipedia.org/wiki/Authorization

I know this doesn't answer your question but I don't think anyone here understands your question. Perhaps the information I've outlined above will help you to rephrase it so we can understand what you're asking for.

Jason

Quoting Jyotishmaan <jyotishmaan@...>:
> Yes, I am sure you are wrong, as per my knowledge and experience with
> OpenLDAP.
>
> Please give some pointers on this: in what wayz can I make my request DN
> and not match with the entry stored in the database ?
|
|
Re: How to make it unsuccessful authentication ??

Yes, I agree with you.

My question remains unanswered as it could not be understood!!!!

Here it goes once again:

A user x logs onto his system, say "x", which then is being checked with the stored entry in the OpenLDAP database, and if it only matches that, the authentication process is said to be successful and the user is said to have successful authentication from his system "x" to the server, say "y".

Well after this phase of authentication, comes authorization, as such to check "who has been granted what" ?

My question was, is it possible to suspend a user to successfully log onto the server system, without affecting his password etc. for a short period of time, something called "quarantine", plz correct me if I am wrong. This I need to set up in my kind of administration where the users have been given limited access privileges and downloading capacities etc.

Plz give me some pointers !!!
|
|
|
Re: How to make it unsuccessful authentication ??

Hi,

* Do you want the user to be not allowed to login even if his credential is correct and hence is properly authenticated by PAM?
* What does suspend in this case mean?

Prakash

On Apr 12, 2008, at 3:54 AM, Jyotishmaan wrote:
> Yes, I agree with you.
>
> My question remains unanswered as it could not be understood!!!!
>
> Here it goes once again:
>
> A user x logs onto his system, say "x", which then is being checked with the
> stored entry in the OpenLDAP database, and if it only matches that, the
> authentication process is said to be successful and the user is said to have
> successful authentication from his system "x" to the server, say "y".
>
> Well after this phase of authentication, comes authorization, as such to
> check "who has been granted what" ?
>
> My question was, is it possible to suspend a user to successfully log onto
> the server system, without affecting his password etc. for a short period of
> time, something called "quarantine", plz correct me if I am wrong. This I
> need to set up in my kind of administration where the users have been given
> limited access privileges and downloading capacities etc.
>
> Plz give me some pointers !!!

Prakash Velayutham
Programmer / Analyst
Cincinnati Children's Hospital Medical Center
|
|
|
|
|
Re: How to make it unsuccessful authentication ??

So let me rephrase your request just to make sure I understand what you're asking for:

A user successfully logs into a server. Then their account is immediately locked out so they cannot log in again for a period of time. Perhaps you're doing this because you don't want a user to log into a server more than once in a 5 minute period, for example ?

I'm not sure that pamLDAP is the proper place to look for the solution. The way I see it you need one of these solutions:

1) The LDAP Directory locks an account after a successful (or even unsuccessful) log in.
2) Your application, which is using pamLDAP to speak to the Directory, needs to cache the user's name and temporarily block them from re-connecting for a period of time.

If you're the developer for a particular application then I'd suggest going with solution #2. If you're the administrator of the Directory then perhaps you can find a solution there.

Thanks!

Jason Morrill
IT Manager
Child & Family Agency of Southeastern Connecticut
(860) 443-2896 x1422

Quoting Jyotishmaan <jyotishmaan@...>:
> Yes, I agree with you.
>
> My question remains unanswered as it could not be understood!!!!
>
> Here it goes once again:
>
> A user x logs onto his system, say "x", which then is being checked with the
> stored entry in the OpenLDAP database, and if it only matches that, the
> authentication process is said to be successful and the user is said to have
> successful authentication from his system "x" to the server, say "y".
>
> Well after this phase of authentication, comes authorization, as such to
> check "who has been granted what" ?
>
> My question was, is it possible to suspend a user to successfully log onto
> the server system, without affecting his password etc. for a short period of
> time, something called "quarantine", plz correct me if I am wrong. This I
> need to set up in my kind of administration where the users have been given
> limited access privileges and downloading capacities etc.
>
> Plz give me some pointers !!!
|
|
Re: How to make it unsuccessful authentication ??

On Sat, 12 Apr 2008, Jyotishmaan Ray wrote:
> Please see below for your reply,
>
> Yes, that is what I exactly meant. Suspend, means not allowing the user
> to have successful authentication, without hampering his password, for
> some time !!

I'm not familiar with OpenLDAP, but the Sun Directory Server offers a way to "disable" accounts. A disabled account will always fail to authenticate to the LDAP server, but the stored password is not modified. The account can be un-disabled anytime without setting a new password.

Does OpenLDAP offer a similar feature?

Andy
|
|
Re: How to make it unsuccessful authentication ??

If you use the shadowAccount ObjectClass, I think you can use the attribute shadowExpire to control this in OpenLDAP.

Prakash

On Apr 14, 2008, at 12:28 PM, Andrew Morgan wrote:
> On Sat, 12 Apr 2008, Jyotishmaan Ray wrote:
>
>> Please see below for your reply,
>>
>> Yes, that is what I exactly meant. Suspend, means not allowing the
>> user to have successful authentication, without hampering his
>> password, for some time !!
>
> I'm not familiar with OpenLDAP, but the Sun Directory Server offers
> a way to "disable" accounts. A disabled account will always fail to
> authenticate to the LDAP server, but the stored password is not
> modified. The account can be un-disabled anytime without setting a
> new password.
>
> Does OpenLDAP offer a similar feature?
>
> Andy

Prakash Velayutham
Programmer / Analyst
Cincinnati Children's Hospital Medical Center
|
|
Re: How to make it unsuccessful authentication ??

<quote who="Prakash Velayutham">
> If you use the shadowAccount ObjectClass, I think you can use the
> attribute shadowExpire to control this in OpenLDAP.

Also if you use the Password Policy Overlay, I'm sure this is what SunOne does with its own account/policy module.
|
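The two directory-side suggestions in the replies above (shadowExpire and the Password Policy overlay), as an added example that is not part of any poster's message: Python that builds the LDIF changes to suspend and restore an account without touching userPassword, and mirrors the expiry test a shadow-aware login host applies. The DNs, dates and entries are constructed; it assumes the login host's PAM account stage honors shadowExpire (the LDAP bind itself does not check it) and, for the second variant, that slapd has the ppolicy overlay loaded.

```python
from datetime import date
from typing import Optional

EPOCH = date(1970, 1, 1)
PPOLICY_LOCKED = "000001010000Z"  # slapo-ppolicy(5): locked until an admin unlocks


def shadow_days(day: date) -> int:
    """shadowExpire counts whole days since 1970-01-01, as in shadow(5)."""
    return (day - EPOCH).days


def suspend_ldif(dn: str, from_day: date) -> str:
    """Expire the account from from_day onward; userPassword is left untouched."""
    days = shadow_days(from_day)
    if days < 1:  # shadow(5) calls 0 ambiguous, so never write it
        raise ValueError("shadowExpire must be a positive day count")
    return (f"dn: {dn}\nchangetype: modify\n"
            f"replace: shadowExpire\nshadowExpire: {days}\n")


def restore_ldif(dn: str, previous: Optional[int] = None) -> str:
    """Lift the suspension: put back a genuine expiry date, else drop the attribute."""
    if previous is None:
        return f"dn: {dn}\nchangetype: modify\ndelete: shadowExpire\n"
    return (f"dn: {dn}\nchangetype: modify\n"
            f"replace: shadowExpire\nshadowExpire: {previous}\n")


def ppolicy_lock_ldif(dn: str) -> str:
    """Server-side alternative with the ppolicy overlay: slapd itself rejects the bind."""
    return (f"dn: {dn}\nchangetype: modify\n"
            f"replace: pwdAccountLockedTime\npwdAccountLockedTime: {PPOLICY_LOCKED}\n")


def account_allowed(entry: dict, today: date) -> bool:
    """Expiry test of a shadow-aware login host: deny once today >= shadowExpire.
    Assumption: a missing or non-positive value means the account never expires."""
    raw = entry.get("shadowExpire")
    if raw in (None, ""):
        return True
    expire = int(raw)
    return expire <= 0 or shadow_days(today) < expire


# Constructed sample data: hypothetical DNs and attribute values.
ALICE = "uid=alice,ou=people,dc=example,dc=org"
ENTRIES = {ALICE: {"shadowExpire": "13983"}, "uid=bob,ou=people,dc=example,dc=org": {}}

if __name__ == "__main__":
    today = date(2008, 4, 14)
    print(suspend_ldif(ALICE, today))
    for dn, entry in ENTRIES.items():
        print(dn, "allowed" if account_allowed(entry, today) else "suspended")
    print(restore_ldif(ALICE))
```

The generated LDIF is meant to be fed to ldapmodify by a directory administrator. Because shadowExpire is only evaluated by the login host, an application that binds to the directory directly still authenticates the user; the pwdAccountLockedTime variant closes that gap.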