|
»
»
»
« Return to Thread: How to make it unsuccessful authentication ??
Re: How to make it unsuccessful authentication ??
by Jason Morrill
::
Rate this Message:
Perhaps I'm as confused as everyone else on this list.
Security is typical two-fold:
1) Authentication = the username exists in the system and the password matches
2) Authorization = the username is allows to do what is being asked
In many systems Authentication is all that is needed to get in the 'front door'.
Authorization is left for more detailed security measures.
For example:
Let's say we have a basic Webmail application. Bob, enters his information into
a 'login' screen. That information is then **Authenticated** against the
Directory using LDAP. Let's say he entered the correct info. So now he's part
way into the Webmail system. Now Webmail checks Bobs **Authorization** to see
if it should show him links to things like 'Admin' and 'Edit Global
Addresbook'. Since Bob is not Authorizated for that level he doesn't see those
options.
For a further elaboration on authentication vs. authorization:
http://en.wikipedia.org/wiki/Authorization
I know this doesn't answer your question but I don't think anyone here
understands your question. Perhaps the information I've outlined above will
help you to rephrase it so we can understand what you're asking for.
Jason
Quoting Jyotishmaan <jyotishmaan@...>:
>
> Yes, i am sure you are wrong, as per my knowledge and experience with
> openldap.
>
> Please give some pointers on this-In what wayz can i make my request DN and
> not match with the entry stored in the database ?
>
>
>
> vsp_123 wrote:
> >
> > Hi,
> >
> > I always thought authorization came after authentication. But I guess
> > I could be wrong :)
> >
> > Prakash
> >
> >
> > On Apr 10, 2008, at 3:08 AM, Jyotishmaan Ray wrote:
> >
> >>
> >> Hello List,
> >>
> >> Can anybody let me know if there are anywayz that, after
> >> authorization, authentication can be stopped ??
> >> In other words when a user logs on and he is being authorized and
> >> his entry is checked in the database but after that, is it possible
> >> to make it a unsuccessful authentication manually for a sepcific
> >> user ?
> >>
> >> This I want to do, in order to suspend the user to log on for some
> >> time, temporarily.
> >>
> >> Please throw some pointers in this direction !!!!
> >>
> >>
> >> Thanks,
> >> Jyotishmaan Ray
> >
> > Prakash Velayutham
> > Programmer / Analyst
> > Cincinnati Children's Hospital Medical Center
> >
> >
> >
>
> --
> View this message in context:
>http://www.nabble.com/How-to-make-it-unsuccessful-authentication----tp16605307p16627298.html
> Sent from the PAM LDAP mailing list archive at Nabble.com.
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
Security is typical two-fold:
1) Authentication = the username exists in the system and the password matches
2) Authorization = the username is allows to do what is being asked
In many systems Authentication is all that is needed to get in the 'front door'.
Authorization is left for more detailed security measures.
For example:
Let's say we have a basic Webmail application. Bob, enters his information into
a 'login' screen. That information is then **Authenticated** against the
Directory using LDAP. Let's say he entered the correct info. So now he's part
way into the Webmail system. Now Webmail checks Bobs **Authorization** to see
if it should show him links to things like 'Admin' and 'Edit Global
Addresbook'. Since Bob is not Authorizated for that level he doesn't see those
options.
For a further elaboration on authentication vs. authorization:
http://en.wikipedia.org/wiki/Authorization
I know this doesn't answer your question but I don't think anyone here
understands your question. Perhaps the information I've outlined above will
help you to rephrase it so we can understand what you're asking for.
Jason
Quoting Jyotishmaan <jyotishmaan@...>:
>
> Yes, i am sure you are wrong, as per my knowledge and experience with
> openldap.
>
> Please give some pointers on this-In what wayz can i make my request DN and
> not match with the entry stored in the database ?
>
>
>
> vsp_123 wrote:
> >
> > Hi,
> >
> > I always thought authorization came after authentication. But I guess
> > I could be wrong :)
> >
> > Prakash
> >
> >
> > On Apr 10, 2008, at 3:08 AM, Jyotishmaan Ray wrote:
> >
> >>
> >> Hello List,
> >>
> >> Can anybody let me know if there are anywayz that, after
> >> authorization, authentication can be stopped ??
> >> In other words when a user logs on and he is being authorized and
> >> his entry is checked in the database but after that, is it possible
> >> to make it a unsuccessful authentication manually for a sepcific
> >> user ?
> >>
> >> This I want to do, in order to suspend the user to log on for some
> >> time, temporarily.
> >>
> >> Please throw some pointers in this direction !!!!
> >>
> >>
> >> Thanks,
> >> Jyotishmaan Ray
> >
> > Prakash Velayutham
> > Programmer / Analyst
> > Cincinnati Children's Hospital Medical Center
> >
> >
> >
>
> --
> View this message in context:
>
> Sent from the PAM LDAP mailing list archive at Nabble.com.
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
« Return to Thread: How to make it unsuccessful authentication ??
| Free Forum Powered by Nabble | Forum Help |