el-moe has asked for the wisdom of the Perl Monks concerning the following question:

Hello all,

I have been attempting to implement an authentication scheme to run on both HPUX and Win_NT machines.

Until I was forced ( against my will ) to bring the NT systems into our engineering arena I was simply using this for authentication:

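    sub check_passwd {
        my ($uname, $guess) = @_;
        my ($name, $passwd, $uid) = getpwnam($uname);
        $supervisor = $uname;
        # Unknown user: getpwnam returns an empty list, so $passwd is undef.
        # Fail here instead of comparing crypt()'s result against undef.
        return 0 unless defined $passwd && length $passwd;
        return (crypt($guess, $passwd) eq $passwd);
    }

    sub check_group {
        my ($uname, $group) = @_;
        while (my ($name, undef, undef, $members) = getgrent) {
            next if $name ne $group;
            endgrent;    # reset the iterator so the next call starts at the top
            return (grep { $_ eq $uname } split(/ /, $members));
        }
        endgrent;
        return;          # group not found
    }
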
This was working great!!

Now with NT I have been reading and searching and have found some info regarding using User::grent and User::pwent. The code I have so far to use these modules looks something like this...

    use User::pwent;     # exports getpw
    use User::grent;     # exports getgr
    use Data::Dumper;

    sub check_passwd_nt {
        my ($uname, $guess) = @_;
        my $pw = getpw($uname);
        print Dumper($pw);
    }

    sub check_group_nt {
        my ($uname, $group) = @_;
        my $gr = getgr($uname);
        print Dumper($gr);
    }

    &check_passwd_nt($user_text, $passwd_text);
    &check_group_nt($user_text, "supercam");

I have a Tk popup to ask for name and passwd and everything I read says that I can do this on NT but I am getting an error message and have found no examples except for the pod's for these modules.

The error is:
"Error: The getpwnam function is unimplemented at v:/NT/perl/lib/User/pwent.pm line 172."

Can anyone give me some examples of how they would authenticate a user on both NT and UNIX?

I have no qualms testing for OS and calling the appropriate function. So I guess I'm really simply needing a way to auth on NT.

Thanks in advance for all your help!!

Prost,
Moe

Replies are listed 'Best First'.
Re: How do I authenticate users on multiple platforms?
by $code or die (Deacon) on Feb 06, 2001 at 09:16 UTC
    Get Win32::AdminMisc from http://www.roth.net/perl and then you can do this:
        use Win32::AdminMisc;

        # True when $guess is the password of $user on $server
        if (Win32::AdminMisc::UserCheckPassword($server, $user, $guess)) {
            print "$guess is correct password for $user";
        } else {
            print "Bad Username or Password";
        }

    Update: To test whether they are part of a group, you will need to do this:
        use Win32::NetAdmin qw(GroupIsMember);   # import the function by name

        $groupname = 'supercam';
        if (GroupIsMember($server, $groupname, $user)) {
            print "user in group";
        } else {
            print "user doesn't have permission...";
        }

    You should be able to combine both these to do what you want. In both the cases, if '$server' is empty, it defaults to the current machine.

    Update 2: Hmm, I forgot about Win32::AuthenticateUser. Did it work? You could use that in conjunction with Win32::NetAdmin::GroupIsMember().

    Check out Win32::AdminMisc anyway, because it's got loads more there that will be useful if you're "forced" to use Windows =P

    $code or die
    Using perl at
    The Spiders Web
Re: How do I authenticate users on multiple platforms?
by the_slycer (Chaplain) on Feb 06, 2001 at 07:22 UTC
    Well, I'm not sure how portable it is, but if you are running the authentication on an NT server/machine (I'm not really sure from the above) then you could use the lanman module to check the group out.

    Basically you would query like so:
    Win32::Lanman::NetGroupGetUsers($server, $group, \@users);
    Where $server is the domain server, $group the group you want to query, and @users the list of users that is returned. I'm sure you could run through that list to check the user, and then if successful check username and password etc using the same module, or one of the many(?) others that do the same.

    Probably the best place to ask this (if you are indeed authenticating on an NT machine) is the activestate win32 admin mailing list
Re: How do I authenticate users on multiple platforms?
by dkubb (Deacon) on Feb 06, 2001 at 14:19 UTC

    You could use something like LDAP, which should allow both NT and *NIX platforms to authenticate against it. You can set it up to do anything from application level authentication (what you want), to web basic auth, and even workstation or network logins. It allows you to have one single authentication system, rather than multiple "databases" to maintain.

    Perl has quite a rich interface to this directory service. Do a search on CPAN for the word LDAP, or check out Net::LDAP, and you'll see what I mean.
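
dkubb's LDAP suggestion as an added example (not code from the thread): bind as the user to check the password, then confirm membership of the supercam group in the same directory. The host name, CA file path, base DNs and the RFC 2307 uid/memberUid layout are assumptions.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_dn_value escape_filter_value);

# All four values are placeholders (assumptions, not from the thread).
my $LDAP_HOST  = 'ldap.example.com';
my $CA_FILE    = '/etc/ssl/certs/example-ca.pem';
my $USER_BASE  = 'ou=People,dc=example,dc=com';
my $GROUP_BASE = 'ou=Groups,dc=example,dc=com';

# Returns 1 only if $uname can bind with $guess AND is listed in $group.
sub check_override {
    my ($uname, $guess, $group) = @_;

    # A simple bind with an empty password is an unauthenticated bind,
    # which many servers accept: it must never count as a login.
    return 0 unless defined $uname && length $uname;
    return 0 unless defined $guess && length $guess;

    my $ldap = Net::LDAP->new($LDAP_HOST, timeout => 10) or return 0;

    # Upgrade to TLS before the password goes over the wire.
    my $mesg = $ldap->start_tls(verify => 'require', cafile => $CA_FILE);
    if ($mesg->code) { $ldap->unbind; return 0; }

    # Escape the name so user input cannot change the DN.
    my $dn = 'uid=' . escape_dn_value($uname) . ",$USER_BASE";
    $mesg = $ldap->bind($dn, password => $guess);
    if ($mesg->code) { $ldap->unbind; return 0; }    # wrong password or user

    # Group check; both values are escaped before they enter the filter.
    my $filter = sprintf '(&(cn=%s)(memberUid=%s))',
        escape_filter_value($group), escape_filter_value($uname);
    $mesg = $ldap->search(
        base   => $GROUP_BASE,
        scope  => 'sub',
        filter => $filter,
        attrs  => ['cn'],
    );
    my $ok = !$mesg->code && $mesg->count == 1;
    $ldap->unbind;
    return $ok ? 1 : 0;
}

# Constructed sample call; 'supercam' is the group named in the thread.
print check_override('moe', 'not-the-real-password', 'supercam')
    ? "override allowed\n" : "override denied\n";
```

The same routine runs unchanged on HP-UX and NT, since Net::LDAP only needs a network path to the directory server.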

Re: How do I authenticate users on multiple platforms?
by el-moe (Scribe) on Feb 09, 2001 at 06:38 UTC
    Thanks for all the suggestions friends!!! Here's what seems to work for me.
        # $IS_NT is not defined in this snippet.
        if ($IS_NT) {
            # Load the Win32 modules at run time so the script still compiles elsewhere
            require Win32::AuthenticateUser;
            Win32::AuthenticateUser->import('AuthenticateUser');
            require Win32::NetAdmin;
            Win32::NetAdmin->import('GroupGetMembers');
        }

        if (&check_passwd_nt($user_text, $passwd_text) && &check_group_nt($user_text, "supercam")) {
            print "user IS a member of supercam\n";
        } else {
            print "NOT a member of supercam or typed wrong password\n";
        }

        # Check the password against the ANAHEIM domain
        sub check_passwd_nt {
            my ($uname, $guess) = @_;
            return (AuthenticateUser("ANAHEIM", $uname, $guess));
        }

        # Case-insensitive match of $uname against the members of $group
        sub check_group_nt {
            my ($uname, $group) = @_;
            my @users = ();
            GroupGetMembers("ah_nt1", $group, \@users);
            return (grep { lc($_) eq lc($uname) } @users);
        }

    Thanks again for giving me some stuff to try.

    Prost,
    Moe

Re: How do I authenticate users on multiple platforms?
by el-moe (Scribe) on Feb 06, 2001 at 05:56 UTC
    I forgot to add that the user MUST be part of a specific group "supercam". I cannot let just anyone auth just because they are a valid user on the system. This is NOT a login type of thing. It is for an override action.

    I was just perusing the Win32::AuthenticateUser possibilities but it doesn't seem to let me make sure the user is part of a supervisorial (is that a word?) type of group.

    Anyway... Thanks again in advance.

    Prost,
    Moe

Re: How do I authenticate users on multiple platforms?
by el-moe (Scribe) on Feb 07, 2001 at 06:45 UTC
    I got pulled from this project for a few days. Thanks for the suggestions all. I'll give you an update as soon as I try some configurations and find what works best for me.

    Prost,
    Moe