#30289 - 07/10/00 03:33 PM User Password Authentication
erickfield Offline
Stealth Member

Registered: 06/12/01
Posts: 134

In response to a corporate security requirement (after three bad password
attempts on initial login, a user's password must be revoked), I've been
looking at the new v4.5 external authentication feature as a possible
solution.

Based on my initial run-through of the Programmer's Guide, it does not
seem like it is possible to externally validate Remedy users...this only
applies to users not in the User Form.

Using the "Cross-Reference Blank Password" option is unfortunately not an
option, since Remedy login ids do not correspond with the NT domain ids.


So now I'm on the hunt for alternative methods...so far I've thought of
two...

1. Writing client-side C Code to perform the authentication through a
console app...but then how do I stop users from bypassing the app and
going straight into ARS?

2. Writing server-side Perl code to parse through the aruser.log file,
looking for 3+ login attempts within a specified interval, and revoking
the password...but the user won't know what happened until they try to
apply a change.


Neither of these ideas really tickles my fancy. Any ideas (or possibly
third party apps) out there that would help me meet this security
requirement?

Thanks for your help!
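
Added example, not part of the original post: a sketch of the log-scanning approach from idea 2, written in Python rather than Perl, that flags accounts with three or more failed logins inside a sliding window. The aruser.log layout is not shown in the thread, so the line format, the `LOGIN_OK`/`LOGIN_FAIL` tokens, the function name and the sample lines are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical line layout: the real aruser.log format is not shown in the
# thread, so adjust this pattern to match your server's log.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<result>LOGIN_OK|LOGIN_FAIL) user=(?P<user>\S+)"
)

def users_to_revoke(lines, max_failures=3, window=timedelta(minutes=5)):
    """Return {user: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)   # user -> timestamps of recent failures
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not login events
        user = m["user"]
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if m["result"] == "LOGIN_OK":
            recent[user].clear()  # a good login resets the count
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) >= max_failures and user not in flagged:
            flagged[user] = ts
    return flagged

# Constructed sample input (not real log data)
SAMPLE_LOG = """\
2000-07-10 15:30:01 LOGIN_FAIL user=alice ip=10.0.0.5
2000-07-10 15:30:09 LOGIN_FAIL user=alice ip=10.0.0.5
2000-07-10 15:30:20 LOGIN_FAIL user=bob ip=10.0.0.9
2000-07-10 15:30:31 LOGIN_FAIL user=alice ip=10.0.0.5
2000-07-10 15:31:00 LOGIN_FAIL user=bob ip=10.0.0.9
2000-07-10 15:31:30 LOGIN_OK user=bob ip=10.0.0.9
2000-07-10 15:32:00 LOGIN_FAIL user=bob ip=10.0.0.9
2000-07-10 15:33:00 LOGIN_FAIL user=carol ip=10.0.0.7
2000-07-10 15:40:00 LOGIN_FAIL user=carol ip=10.0.0.7
2000-07-10 15:41:00 LOGIN_FAIL user=carol ip=10.0.0.7
server restarted
""".splitlines()

if __name__ == "__main__":
    for user, when in users_to_revoke(SAMPLE_LOG).items():
        print(f"revoke {user}: threshold crossed at {when}")
```

The revocation step itself is left out because it depends on the AR System interface; the function only decides which accounts crossed the threshold and when.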







#30290 - 07/10/00 04:29 PM Re: User Password Authentication [Re: dlima]
jdecarlo Offline
Stealth Member

Registered: 06/12/01
Posts: 56

> Based on my initial run-through of the Programmer's Guide, it does not
> seem like it is possible to externally validate Remedy users...this only
> applies to users not in the User Form.

Erick,

I specifically asked about this at RUG 2000, and was told you could use it for both users in
the User Form and those not in the User Form, though you could not use it if you were using
/etc/passwd or NT authentication.

OTOH, I have not tried to implement it yet, either.

Here is an excerpt from the RUG presentation S06:

How External Authentication works
o) AR System Server provides name, password, and IP address in remote call to outside agent
o) Agent validates name and password
o) Agent returns account information
o) AR System Server combines account information with user schema information

Creating an external authenticator is easy
o) Create library to handle 5 calls
o) Link to Remedy supplied library that includes main routine
o) Sample program provided using Netscape’s LDAP SDK for use with Netscape Directory Server

If it hadn't been Uli Schiefer saying this, I could believe the presenter didn't understand.
But Uli is a key developer of the server features like this.

Note that there are lots of potholes, like having to have the authenticator on the same
computer, having to learn to use special library routines, etc.

Anyone get it to work?

--
John DeCarlo, The MITRE Corporation, My Views Are My Own
email: jdecarlo@mitre.org
voice: 703-883-7116
fax: 703-883-3383





#30291 - 07/10/00 05:25 PM Re: User Password Authentication [Re: dlima]
gcalden Offline
Stealth Member

Registered: 06/12/01
Posts: 108

FYI:

Last year Workflow out of New Zealand created an integrated
NT/Remedy/Exchange interface that allowed you to change and control all
aspects of a consolidated login. I am sorry I do not know what the name is
of this product or if they are actively still marketing it. I can say that
my initial reaction to its performance and ability was profound. You might
want to contact them via email or their Web site http://www.workflow.co.nz

Hope this offers a ray of hope.


Regards...Gidd Calden



Moderator:  Matt Reinfeldt