Index: openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.html =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.html,v diff -u -r1.1 -r1.2 --- openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.html 8 Oct 2003 10:08:12 -0000 1.1 +++ openacs-4/packages/acs-authentication/www/doc/ext-auth-pam-install.html 14 Oct 2003 09:54:26 -0000 1.2 @@ -1,4 +1,4 @@ -Installing PAM support

Installing PAM support

OpenACS supports PAM authetication via the ns_pam module in AOLserver.

  1. Add PAM support to AOLserver.�OpenACS supports PAM support via the PAM AOLserver +Installing PAM support

    Installing PAM support

    OpenACS supports PAM authetication via the ns_pam module in AOLserver.

    1. Add PAM support to AOLserver.�OpenACS supports PAM support via the PAM AOLserver module. PAM is system of modular support, and can provide local (unix password), RADIUS, LDAP (more information), and other forms of @@ -34,7 +34,7 @@ which intermediate programs will be used to check permissions. You may need to install software to perform new types of authentication. -

      • RADIUS in PAM.�

        1. Untar the pam_radius +

          • RADIUS in PAM.�

            1. Untar the pam_radius tarball and compile and install. (more information)

              [root@yourserver root]# cd /usr/local/src/
               [root@yourserver src]# tar xf /tmp/pam_radius-1.3.16.tar
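Review bot: The RADIUS step in this hunk unpacks the tarball as root straight out of /tmp ("[root@yourserver src]# tar xf /tmp/pam_radius-1.3.16.tar") with no step that verifies it first. The result is compiled and installed as a PAM module, which is code in the authentication path, so the doc should say where the tarball is obtained and add a checksum or signature check before extraction, and stage the download somewhere other than world-writable /tmp. Consider showing the unpack and compile as an unprivileged user and reserving the root prompt for the install step.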
              @@ -58,4 +58,25 @@
                       The OpenACS server itself is the "Local Authority," used by
                       default.

              1. Browse to the authentication administration page, http://yourserver/acs-admin/auth/. - Create and name an authority (in the sitewide admin UI)

              2. Set Authentication to PAM.

              3. If the PAM module contains a password command, you can set Password Management to PAM. If not, the PAM module cannot change the user's password and you should leave this option Disabled.

              4. Leave Account Registration disabed.

              5. Set Batch sync enabled to Yes. Set GetDocumentImplementation to HTTP GET. Set ProcessDocumentImplementation to IMS Enterprise 1.1. These settings will cause OpenACS to attempt to retrieve via HTTP a list of users in XML format from a location we will specify in a few steps.

              6. Click OK.

              7. On the next page, click Configure on the GetDocument Implementation line.

              8. Enter the IncrementalURL and SnapshotURL. These are the URLs which the external Authority will supply with XML files in IMS Enterprise 1.1 format.

              9. Configure your Authority (RADIUS server, etc) to supply XML files to the URLs IncrementalURL and SnapshotURL

          View comments on this page at openacs.org
          + Create and name an authority (in the sitewide admin UI)

        2. Set Authentication to PAM.

        3. If the PAM module contains a password command, you can set Password Management to PAM. If not, the PAM module cannot change the user's password and you should leave this option Disabled.

        4. Leave Account Registration disabed.

        5. Set Batch sync enabled to Yes. Set GetDocumentImplementation to HTTP GET. Set ProcessDocumentImplementation to IMS Enterprise 1.1. These settings will cause OpenACS to attempt to retrieve via HTTP a list of users in XML format from a location we will specify in a few steps.

        6. Click OK.

        7. On the next page, click Configure on the GetDocument Implementation line.

        8. Enter the IncrementalURL and SnapshotURL. These are the URLs which the external Authority will supply with XML files in IMS Enterprise 1.1 format.

        9. Configure your Authority (RADIUS server, etc) to supply XML files to the URLs IncrementalURL and SnapshotURL

          +<enterprise>
          +  <person recstatus = "1">  added person
          +    <sourcedid>
          +      <id>[username]</id>
          +    </sourcedid>
          +    <name>
          +      <family>[last_name]</family>
          +      <given>[first_names]</given>
          +    </name>
          +    <email>[email]</email>
          +    <url>[homepage_url]</url>
          +  </person>
          +  <person recstatus = "2">    modified person
          +    ...
          +  </person>
          +  <person recstatus = "3">    deleted person
          +    <sourcedid>
          +      <id>LL1</id>      only requires username
          +    </sourcedid>
          +  </person>
          +</enterprise>

          (More information: Section�, “IMS Sync driver design”, The IMS 1.1 spec)

    View comments on this page at openacs.org
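Review bot: Step 5 of the added list sets up batch sync over plain HTTP GET ("attempt to retrieve via HTTP a list of users in XML format"), and the added sample shows that this feed adds, modifies and deletes accounts through recstatus 1, 2 and 3, yet none of the steps says how the feed is protected. Add a sentence to steps 8 and 9 stating whether IncrementalURL and SnapshotURL may be https URLs and how access to them should be restricted, since whoever can alter the response controls the user list. Smaller points in the same hunk: step 4 has the typo "disabed"; "supply XML files to the URLs" in step 9 can be read as a push, while step 5 says OpenACS retrieves the files, so "publish the XML files at the URLs" would be clearer; and the inline annotations in the sample ("added person", "only requires username") should be XML comments so the sample can be copied as is.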
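Review bot: In the first hunk (@@ -1,4 +1,4 @@) the re-added text carries over the wording problems of the text it replaces: "authetication" in the opening sentence, "OpenACS supports PAM support via the PAM AOLserver module" in step 1, and "PAM is system of modular support". These lines are being rewritten anyway, so fix them in the same commit, for example "OpenACS supports PAM authentication via the ns_pam module in AOLserver" and "PAM is a system of modular support".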