|
»
»
»
« Return to Thread: How to make it unsuccessful authentication ??
Re: How to make it unsuccessful authentication ??
by vsp_123
::
Rate this Message:
Hi,
* Do you want the user to be not allowed to login even if his
credential is correct and hence is properly authenticated by PAM?
* What does suspend in this case mean?
Prakash
On Apr 12, 2008, at 3:54 AM, Jyotishmaan wrote:
>
>
>
> Yes, I agree with you.
>
> My question remains unasnwered as it could not be understood!!!!
>
> Here it goes once again:-
>
> A user x logs onto his system say-"x" which then is being checked
> with the
> stored entry in the openldap database, and if it only matches that,
> the
> authentication process is said to be successful and the user is said
> to have
> successful authentication from his system "x" to the server say "y".
>
> Well after this phase of authentication, comes authirization, as
> such to
> check -"who has been granted what" ?
>
> My question, was it is possible to suspend a user to successfully
> log onto
> the server system, without affectinng his password etc for a short
> period of
> time something called "quarantine" , plz correct me if i am wrong.
> This i
> need to set up in my kind of adminitration where the users has been
> given
> limited access privleges and downloading capacities etc.
>
> Plz Give me some pointers !!!
>
>
>
> Jason Morrill wrote:
>>
>> Perhaps I'm as confused as everyone else on this list.
>>
>> Security is typical two-fold:
>> 1) Authentication = the username exists in the system and the
>> password
>> matches
>> 2) Authorization = the username is allows to do what is being asked
>>
>> In many systems Authentication is all that is needed to get in the
>> 'front
>> door'.
>> Authorization is left for more detailed security measures.
>>
>> For example:
>> Let's say we have a basic Webmail application. Bob, enters his
>> information
>> into
>> a 'login' screen. That information is then **Authenticated**
>> against the
>> Directory using LDAP. Let's say he entered the correct info. So now
>> he's
>> part
>> way into the Webmail system. Now Webmail checks Bobs
>> **Authorization** to
>> see
>> if it should show him links to things like 'Admin' and 'Edit Global
>> Addresbook'. Since Bob is not Authorizated for that level he
>> doesn't see
>> those
>> options.
>>
>> For a further elaboration on authentication vs. authorization:
>> http://en.wikipedia.org/wiki/Authorization
>>
>> I know this doesn't answer your question but I don't think anyone
>> here
>> understands your question. Perhaps the information I've outlined
>> above
>> will
>> help you to rephrase it so we can understand what you're asking for.
>>
>> Jason
>>
>>
>> Quoting Jyotishmaan <jyotishmaan@...>:
>>
>>>
>>> Yes, i am sure you are wrong, as per my knowledge and experience
>>> with
>>> openldap.
>>>
>>> Please give some pointers on this-In what wayz can i make my
>>> request DN
>>> and
>>> not match with the entry stored in the database ?
>>>
>>>
>>>
>>> vsp_123 wrote:
>>>>
>>>> Hi,
>>>>
>>>> I always thought authorization came after authentication. But I
>>>> guess
>>>> I could be wrong :)
>>>>
>>>> Prakash
>>>>
>>>>
>>>> On Apr 10, 2008, at 3:08 AM, Jyotishmaan Ray wrote:
>>>>
>>>>>
>>>>> Hello List,
>>>>>
>>>>> Can anybody let me know if there are anywayz that, after
>>>>> authorization, authentication can be stopped ??
>>>>> In other words when a user logs on and he is being authorized and
>>>>> his entry is checked in the database but after that, is it
>>>>> possible
>>>>> to make it a unsuccessful authentication manually for a sepcific
>>>>> user ?
>>>>>
>>>>> This I want to do, in order to suspend the user to log on for some
>>>>> time, temporarily.
>>>>>
>>>>> Please throw some pointers in this direction !!!!
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Jyotishmaan Ray
>>>>
>>>> Prakash Velayutham
>>>> Programmer / Analyst
>>>> Cincinnati Children's Hospital Medical Center
>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>>
>> http://www.nabble.com/How-to-make-it-unsuccessful-authentication----tp16605307p16627298.html
>>> Sent from the PAM LDAP mailing list archive at Nabble.com.
>>>
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>>
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/How-to-make-it-unsuccessful-authentication----tp16605307p16646393.html
> Sent from the PAM LDAP mailing list archive at Nabble.com.
>
Prakash Velayutham
Programmer / Analyst
Cincinnati Children's Hospital Medical Center
* Do you want the user to be not allowed to login even if his
credential is correct and hence is properly authenticated by PAM?
* What does suspend in this case mean?
Prakash
On Apr 12, 2008, at 3:54 AM, Jyotishmaan wrote:
>
>
>
> Yes, I agree with you.
>
> My question remains unasnwered as it could not be understood!!!!
>
> Here it goes once again:-
>
> A user x logs onto his system say-"x" which then is being checked
> with the
> stored entry in the openldap database, and if it only matches that,
> the
> authentication process is said to be successful and the user is said
> to have
> successful authentication from his system "x" to the server say "y".
>
> Well after this phase of authentication, comes authirization, as
> such to
> check -"who has been granted what" ?
>
> My question, was it is possible to suspend a user to successfully
> log onto
> the server system, without affectinng his password etc for a short
> period of
> time something called "quarantine" , plz correct me if i am wrong.
> This i
> need to set up in my kind of adminitration where the users has been
> given
> limited access privleges and downloading capacities etc.
>
> Plz Give me some pointers !!!
>
>
>
> Jason Morrill wrote:
>>
>> Perhaps I'm as confused as everyone else on this list.
>>
>> Security is typical two-fold:
>> 1) Authentication = the username exists in the system and the
>> password
>> matches
>> 2) Authorization = the username is allows to do what is being asked
>>
>> In many systems Authentication is all that is needed to get in the
>> 'front
>> door'.
>> Authorization is left for more detailed security measures.
>>
>> For example:
>> Let's say we have a basic Webmail application. Bob, enters his
>> information
>> into
>> a 'login' screen. That information is then **Authenticated**
>> against the
>> Directory using LDAP. Let's say he entered the correct info. So now
>> he's
>> part
>> way into the Webmail system. Now Webmail checks Bobs
>> **Authorization** to
>> see
>> if it should show him links to things like 'Admin' and 'Edit Global
>> Addresbook'. Since Bob is not Authorizated for that level he
>> doesn't see
>> those
>> options.
>>
>> For a further elaboration on authentication vs. authorization:
>> http://en.wikipedia.org/wiki/Authorization
>>
>> I know this doesn't answer your question but I don't think anyone
>> here
>> understands your question. Perhaps the information I've outlined
>> above
>> will
>> help you to rephrase it so we can understand what you're asking for.
>>
>> Jason
>>
>>
>> Quoting Jyotishmaan <jyotishmaan@...>:
>>
>>>
>>> Yes, i am sure you are wrong, as per my knowledge and experience
>>> with
>>> openldap.
>>>
>>> Please give some pointers on this-In what wayz can i make my
>>> request DN
>>> and
>>> not match with the entry stored in the database ?
>>>
>>>
>>>
>>> vsp_123 wrote:
>>>>
>>>> Hi,
>>>>
>>>> I always thought authorization came after authentication. But I
>>>> guess
>>>> I could be wrong :)
>>>>
>>>> Prakash
>>>>
>>>>
>>>> On Apr 10, 2008, at 3:08 AM, Jyotishmaan Ray wrote:
>>>>
>>>>>
>>>>> Hello List,
>>>>>
>>>>> Can anybody let me know if there are anywayz that, after
>>>>> authorization, authentication can be stopped ??
>>>>> In other words when a user logs on and he is being authorized and
>>>>> his entry is checked in the database but after that, is it
>>>>> possible
>>>>> to make it a unsuccessful authentication manually for a sepcific
>>>>> user ?
>>>>>
>>>>> This I want to do, in order to suspend the user to log on for some
>>>>> time, temporarily.
>>>>>
>>>>> Please throw some pointers in this direction !!!!
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Jyotishmaan Ray
>>>>
>>>> Prakash Velayutham
>>>> Programmer / Analyst
>>>> Cincinnati Children's Hospital Medical Center
>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>>
>> http://www.nabble.com/How-to-make-it-unsuccessful-authentication----tp16605307p16627298.html
>>> Sent from the PAM LDAP mailing list archive at Nabble.com.
>>>
>>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>>
>>>
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
>>
>
> --
> View this message in context: http://www.nabble.com/How-to-make-it-unsuccessful-authentication----tp16605307p16646393.html
> Sent from the PAM LDAP mailing list archive at Nabble.com.
>
Prakash Velayutham
Programmer / Analyst
Cincinnati Children's Hospital Medical Center
« Return to Thread: How to make it unsuccessful authentication ??
| Free Forum Powered by Nabble | Forum Help |