Open
Bug 208540
Opened 21 years ago
Updated 10 years ago
Add a PAM extension to use unix accounts for authentication
Categories: Bugzilla :: Extension Ideas, enhancement
Status: NEW
People: Reporter: shengh, Unassigned
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030516 Mozilla Firebird/0.6

Our group is using Bugzilla to track our development issues; this is really a nice system. Thanks, guys.

Our local policy forces us to change the login password from time to time, hence it's quite difficult to remember different passwords for different accounts, and now comes Bugzilla, so we need to remember one more. It would be nice if we could have a way to use the unix login account password, which can be achieved by getting it through - ypmatch - etc.

As I understand it, Bugzilla is using MySQL's built-in password() function, whereas unix has a different algorithm for the encryption part, and they are quite different.

We can do the hacking ourselves, but we don't want to do it this way, as we would like to upgrade the system as newer versions of Bugzilla become available. Thus we are looking for a standard solution.

I think this would have to add a new parameter to the system, where the admin of the system can decide whether to go with the MySQL authentication and account management or the unix account and password.

Secondly, the password would NOT need to go into the database, as the unix OS will take care of the management. Or if it's needed, then bypass the MySQL password() function and compare the unix encrypted password with the one stored in the database. This would then require a script to automatically update the password field of the user profile periodically, like the Apache web server (we have a script that picks up all valid web user members, gets their password/login pair from yellow pages, and updates the http dot file for the allowed user list).

Many thanks for reading my post, and sorry for my poor English.

kind regards,
sheng

Reproducible: Always
Steps to Reproduce: 1. 2. 3.
Expected Results: option to use unix password and auto update database when user password changed
Comment 1•21 years ago
Now that the auth modules are split out, this wouldn't be that hard to do. I seem to recall seeing a bug on using PAM, which would be a more general solution. Can't find it now, though. You'd have to be root though, so that you could read /etc/shadow.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 2•21 years ago
I don't think we ever actually had a bug for using PAM, it was just discussed several times on the newsgroup and IRC and such. That would indeed be the best solution for this.

Just to point out some myths in the original comment here...

1) Bugzilla does not use MySQL's crypt() for passwords, precisely for that reason, that it's inconsistent from one platform to the next (and actually doesn't even work on some platforms). We use Perl's crypt() routine, which still may or may not match the crypt used for your password files, depending on your system.

2) Since you mention ypmatch, do you happen to have the user database available via LDAP? Bugzilla's LDAP support has much improved recently, and that would be an existing way you could tie it in if that avenue is available.
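An added example, not part of the bug thread or of Bugzilla's code: a small audit that classifies the hash scheme of each entry in a shadow-style file and reports which accounts an application could verify if its crypt() supported only some schemes, which is the mismatch Comment 2 describes for the password file Comment 1 mentions. The function names, the default of traditional DES only, and the sample entries are assumptions made for the illustration.

```python
import re

# Well-known modular crypt format identifiers used by crypt(3) implementations.
MCF_SCHEMES = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
               "5": "sha256-crypt", "6": "sha512-crypt", "y": "yescrypt"}
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional 13-character DES crypt

def classify_hash(field):
    """Return (scheme, locked) for the password field of a shadow-style entry."""
    locked = field.startswith("!")          # a leading '!' marks a locked password
    value = field.lstrip("!")
    if value in ("", "*"):
        return "none", locked               # no usable hash stored
    if value.startswith("$"):
        ident = value.split("$")[1]
        return MCF_SCHEMES.get(ident, "unknown-mcf"), locked
    if DES_RE.match(value):
        return "des-crypt", locked
    return "unknown", locked

def audit(shadow_text, supported=("des-crypt",)):
    """List each account with its scheme and whether an application whose
    crypt() handles only `supported` schemes (an assumed set) could verify it."""
    report = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or not fields[0]:
            continue                        # skip blank or malformed lines
        scheme, locked = classify_hash(fields[1])
        report.append({"user": fields[0], "scheme": scheme, "locked": locked,
                       "verifiable": scheme in supported and not locked})
    return report

# Constructed sample entries; the hash bodies are filler, not real hashes.
SAMPLE = "\n".join([
    "alice:$6$examplesalt$" + "A" * 86 + ":19000:0:99999:7:::",
    "bob:ab" + "C" * 11 + ":12000:0:99999:7:::",
    "carol:!$1$examplesalt$" + "B" * 22 + ":19000:0:99999:7:::",
    "daemon:*:18000:0:99999:7:::",
])

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

Accounts reported as not verifiable are the ones that would fail to log in if the application compared hashes itself instead of delegating to PAM or LDAP.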
Comment 3•21 years ago
*** Bug 208914 has been marked as a duplicate of this bug. ***
We use pam-ldap for unix and the same LDAP tree for bugzilla, with posixAccount schema. See also bug #284506
Updated•18 years ago
QA Contact: mattyt-bugzilla → default-qa
Updated•18 years ago
Assignee: myk → user-accounts
We don't need to support this in the core; it should be possible to implement this as an extension using Bugzilla's modular auth system.
Assignee: user-accounts → extension.ideas
Component: User Accounts → Extension Ideas
Summary: option/enhancement to use unix password → Add a PAM extension to use unix accounts for authentication