Article delegate-en/3050 of [1-5169] on the server localhost:119
[Reference:<_A3047@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: how to authenticate admins by other means than identd or ftp ?
10 Aug 2005 03:33:02 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A3047@delegate-en.ML_> on 08/10/05(00:15:25)
you Armin Wies <p44fqbdyi-j73qrjk4emlr.ml@ml.delegate.org> wrote:
 |I understand that admins are either authenticated by ident or by a
 |reverse ftp-connection using the credentials provided by the user.
 |
 |I have neither identd running (I'm not sure if this is a secure
 |method) nor do I think that passwords sent over the network using
 |ftp-connections are a good idea.
 |
 |Is there a way how I can authenticate admins (using the web-gui
 |http://mydelegatserver:port/-/admin for a HTTP-server) by ADS,
 |TACACS+, or maybe system users of mydelegateserver ?
 |
 |I tried using httpam, but could not get this to work...

If your host of DeleGate runs an FTP server, then you can use it for the
authentication with an AUTH parameter as this:

  AUTH="admin:*:dgadmin@localhost"

  Username: dgadmin
  Password: the password for dgadmin at the localhost of DeleGate


 |Maybe this is trivial, but I have not found out.
 |
 |Another issue: Is there a way how the admin-gui can be secured using
 |SSL ? (And to disable http://mydelegatserver:port/-/admin ?)
 |I don't like anybody sniffing my passwords on unencrypted connections.

You can make your DeleGate use SSL optionally when it detects SSL on
the client-side connection, as this:

  STLS=-fcl

So the simplest solution for your requirement with proxy HTTP-DeleGate can
be like this:

  delegated -P8080 SERVER=http STLS=-fcl AUTH="admin:*:dgadmin@localhost"

  admin-URL: https://DeleGateHost:8080/-/admin/


I think "AUTH=admin" should have been obsoleted when "AUTHORIZER" parameter
was introduced, especially when Digest-Authentication is introduced.
Since we can easily use SSL, Digest-Authentication, or PAM in DeleGate,
it might be a good time to do so.

Cheers,
Yutaka
--
  D G   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
