Configuring authentication sources
From Kasai documentation
You can authenticate a user using Kasai, and through it you can re-use an existing authentication source (ie: a MS Windows server, a DBMS database, a LDAP compatible directory, UNIX accounts through PAM, etc.).
You can configure which type of authentication you would like to use in Kasais configuration file by setting the auth.service parameter. This parameter must contain a full qualified class name that implements the org.manentia.kasai.services.AuthService interface.
Kasai provides authentication services that allow you to validate user names and passwords using:
- a relational database (RDBMSAuthService)
- a UNIX server (UnixAuthService)
- a Windows domain server (Win32AuthService)
- an AS/400 server (AS400AuthService)
The next sections describe how to configure them. You're encouraged to implement your own authentication services to suit your specific needs if the pre-packaged ones doesn't fit your shoe.
Contents |
[edit] RDBMSAuthService
Kasai includes a very flexible and easy to use authentication service that allows you to validate user names and passwords using a relational database.
To use it set the auth.service parameter to org.manentia.kasai.services.RDBMSAuthService in Kasais configuration file.
To use this module you must obtain the following information:
- All the necessary values required to connect to the database that contains the users and passwords table (ie: driver, url, user name and password)
- The name of the table that contains the user names and passwords
- The name of the column that contains the user names
- The name of the column that contains the passwords
- The encryption or hashing algorithm used to store the passwords
Once you have all these information you can fill all kasai.rdbms... parameters in kasai's configuration file. Additionally, you must specify the preferred length of randomly generated passwords (using the kasai.rdbms.randomPassword.length parameter), these value is used when the system creates a new user, or when a users password is reseted.
The database created from a clean installation of the framework contains both a user name and password fields in the kasai_users table, that can be used to authenticate your application users if you do not have an already existing user repository.
These are sample values for the RDBMS authentication service using the kasai_users table:
kasai.rdbms.driver=com.mysql.jdbc.Driver kasai.rdbms.url=jdbc:mysql://localhost/kasai?user=root&password=password&autoReconnect=true kasai.rdbms.user= kasai.rdbms.password= kasai.rdbms.randomPassword.length=8 kasai.rdbms.encryptorStrength=strong kasai.rdbms.table=kasai_users kasai.rdbms.usernameField=id kasai.rdbms.passwordField=password
[edit] UnixAuthService
Using Kasai, you can authenticate your users using the local operating system accounts. This works for most *nix systems that support PAM.
To use it set the auth.service parameter to org.manentia.kasai.services.UnixAuthService in Kasais configuration file.
The Unix authentication service relies on the http://www.scribblin.gs/software/sysauth.html package from the folks at http://www.scribblin.gs, you need to configure it before using the service. To get it running you need to:
- Copy the sysauth/java_auth file to /etc/pam.d/java_auth.
- Copy the sysauth/libSysAuth.so file to your preferred location and add the destination folder to the LD_LIBRARY_PATH environment variable.
- Ensure that the user running the JVM under which kasai runs has permission to read the shadow password file (/etc/shadow).
You need to set no further parameters to use this service. Note that the functionality provided by this service is more restricted than the DBMS one, you can not change a users password or reset a password to a randomly generated one.
[edit] Win32AuthService
You can use a Windows domain to authenticate your users through Kasai. To use it set the auth.service parameter to org.manentia.kasai.services.Win32AuthService in Kasais configuration file.
Then you need to add/set the following parameters in the configuration file:
- kasai.win32.domain : Name of the Windows domain to use
- kasai.win32.domainController : Hostname or address of the domain controller to which Kasai will ask for authentication
[edit] AS400AuthService
You can use an AS/400 server to authenticate your users through Kasai. To use it set the auth.service parameter to org.manentia.kasai.services.AS400AuthService in Kasais configuration file.
Then you need to add/set the kasai.as400.IPAddress parameter in the configuration file, this parameter must contain the IP address of the server (AS/400).
