| | Home | Changes | Index | Search | Go <-- This creates the navigation links to : Home | Help | Index | etc. -->
Configuring Authentication for Project Wonderland |
| | If you are using the source release, use the following command to add to the password file:
# cd lg3d-wonderland |
|
<
< | # java -cp ext/sgs/darkstar/lib/sgs.jar com.sun.sgs.impl.auth.PasswordFileEditor data/Wonderland/passwords <password |
>
> | # java -cp ext/sgs/darkstar/lib/sgs.jar com.sun.sgs.impl.auth.PasswordFileEditor data/Wonderland/passwords |
| |
Replace <username> and <password> in the commands above with the desired username and password to add. The password file |
| | To remove a user, simply edit the password file in data/Wonderland/passwords and remove the line containing the desired username. |
|
<
< | Configuring authentication for the Server Master Client |
>
> | Configuring password file authentication for the Server Master Client |
| | If you plan to run the Server Master Client (SMC), you should also use the above technique to add to the password file the user name and password of the SMC. |
|
<
< | The user name of the SMC is ServerMasterClient. |
>
> | The user name of the SMC is ServerMasterClient. By default, the password of the SMC is guest. If you wish to use a different
password then you must do the following. (For the purposes of this example the SMC password we will use is MySMCPassword). |
| | If you are using the binary release, use the following command to add to the password file: |
|
<
< | # java -cp ext/darkstar/lib/sgs.jar com.sun.sgs.impl.auth.PasswordFileEditor data/Wonderland/passwords ServerMasterClient? pass |
>
> | # java -cp ext/darkstar/lib/sgs.jar com.sun.sgs.impl.auth.PasswordFileEditor data/Wonderland/passwords ServerMasterClient? MySMCPassword? |
| |
If you are using the source release, use the following command to add to the password file: |
|
<
< | # java -cp ext/sgs/darkstar/lib/sgs.jar com.sun.sgs.impl.auth.PasswordFileEditor data/Wonderland/passwords ServerMasterClient? pass |
>
> | # java -cp ext/sgs/darkstar/lib/sgs.jar com.sun.sgs.impl.auth.PasswordFileEditor data/Wonderland/passwords ServerMasterClient? MySMCPassword? |
| | |
|
<
< | By default, the password of the SMC is guest. You can however specify a non-default password. In this case you will need to create a file which contains
the password of the SMC. For example, you can put this password in the file lg3d-wonderland/data/Wonderland/smc_password. Then you must add the following line
to your my.run.properties file (if you are using the binary release) or your my.build.properties file (if you are using the source tree). |
>
> | Then create a plain text file on the system on which you run the SMC and place the SMC password in this file as the first line followed by ENTER.
For example, you could put this password in the file lg3d-wonderland/data/Wonderland/smc_password. The first line would contain the text MySMCPassword.
Finally, you must create a property which points to the file in which you put your SMC password. You must add the following property
to your SMC's my.run.properties file (if you are using the binary release) or your my.build.properties file (if you are using the source tree). |
| |
smc.password.file=data/Wonderland/smc_password
|
| |
| org.jdesktop.lg3d.wonderland.darkstar.server.auth.ldap.username-attr | The attribute in the directory that represents the username. Default is "uid". |
| org.jdesktop.lg3d.wonderland.darkstar.server.auth.ldap.fullname-attr | The attribute in the directory that represents the full name. Default is "cn". |
| org.jdesktop.lg3d.wonderland.darkstar.server.auth.ldap.email-attr | The attribute in the directory that represents the email address. Default is "mail". |
|
|
>
> | Configuring LDAP authentication for the Server Master Client
You can also use LDAP to configure a password for the Server Master Client. To do this, the LDAP system must contain a password for user ServerMasterClient.
You must create a plain text file on the system on which you run the SMC and place the SMC password in this file as the first line followed by ENTER.
For example, you could put this password in the file lg3d-wonderland/data/Wonderland/smc_password. The first line would contain the text MySMCPassword (for example).
Finally, you must create a property which points to the file in which you put your SMC password. You must add the following property
to your SMC's my.run.properties file (if you are using the binary release) or your my.build.properties file (if you are using the source tree).
smc.password.file=data/Wonderland/smc_password
|
| | Home | Changes | Index | Search | Go <-- This creates the navigation links to : Home | Help | Index | etc. --> |
|
>
> | Configuring Authentication for Project Wonderland
UNDER MODIFICATION -- CHECK BACK IN A BIT |
| | |
|
<
< | Project Wonderland Authentication |
>
> | This document describes how to configure Wonderland to authenticate users when they attempt to log in. By default, Project Wonderland
does not require users to authenticate to the server (that is, they do not need to enter a password). An administrator can configure
Wonderland to use one of the two supported methods of authentication: file-based authentication and LDAP-based authentication. |
| | |
|
<
< | By default, Project Wonderland does not require users to authenticate to the server. An administrator can turn on one of the two currently supports two methods of authentication: file-based authentication and LDAP-based authentication. This document explains how to configure these types of authentication. |
>
> | Configuring file-based authentication |
| | |
|
<
< | Configuring file-based authentication |
>
> | File-based authentication is the most simple authentication method in Wonderland: user IDs and their passwords are stored in a file,
which can be updated by the administrator. |
| | |
|
<
< | The simplest for of authentication is file-based. User's ids an passwords are stored in a file, which can be updated by the administrator. |
>
> | Enabling file-based authentication |
| | |
|
<
< | 1. Enable file-based authentication |
>
> | To enable file-based authentication, edit the WonderlandMain.cfg file. This file is located in two different places depending upon
whether you are working with the binary distribution or source distribution of Project Wonderland: |
| | |
|
<
< | To enable file-based authentication, edit the file src/darkstar_config/WonderlandMain.cfg in the lg3d-wonderland directory. Uncomment the following lines: |
>
> |
- src/darkstar_config/WonderlandMain.cfg if using the source distribution
- config/WonderlandMain.cfg if using the binary distribution
Uncomment the following lines in WonderlandMain.cfg: |
| |
// simple authenticator
com.sun.sgs.app.authenticators=com.sun.sgs.impl.auth.NamePasswordAuthenticator |
| |
This will enable password authentication based on the password file in the given location relative to the lg3d-wonderland directory. The Wonderland server must be restarted for the change to take effect. |
|
<
< | 2. Add a user |
>
> | Adding and removing users in the password file
Passwords in the password file are stored using an MD5 hash. A tool is provided to add a new user to the file.
If you are using the binary release, use the following command to add to the password file:
# cd <install directory>
# java -cp ext/darkstar/lib/sgs.jar com.sun.sgs.impl.auth.PasswordFileEditor data/Wonderland/passwords <username> <password>
|
| | |
|
<
< | Passwords in the password file are stored using an MD5 hash. A tool is provided to add a new user to the file. From the lg3d-wonderland directory, run: |
>
> | where <install directory> is the directory in which your binary distribution is installed.
If you are using the source release, use the following command to add to the password file: |
| | |
|
<
< | # java -cp ext/sgs/darkstar/lib/sgs.jar com.sun.sgs.impl.auth.PasswordFileEditor data/Wonderland/passwords user pass |
>
> | # cd lg3d-wonderland
# java -cp ext/sgs/darkstar/lib/sgs.jar com.sun.sgs.impl.auth.PasswordFileEditor data/Wonderland/passwords <password |
| | |
|
<
< | Where user is the username to add and pass is the user's password. |
| | |
|
<
< | 3. Remove a user |
>
> | Replace <username> and <password> in the commands above with the desired username and password to add. The password file
itself is found at data/Wonderland/passwords with respect to the base Wonderland directory. |
| | |
|
<
< | A user can be removed by editing the password file directly and removing the line with the user's username. |
>
> | To remove a user, simply edit the password file in data/Wonderland/passwords and remove the line containing the desired username. |
| | |
|
<
< | 4. Configuring authentication for the Server Master Client |
>
> | 4. Configuring authentication for the Server Master Client |
| | If you plan to run the Server Master Client (SMC), you should also use the above technique to add to the password file the user name and password of the SMC.
The user name of the SMC is ServerMasterClient. |
| |
smc.password.file=data/Wonderland/smc_password
|
|
<
< | Configuring LDAP authentication |
| | |
|
<
< | LDAP authentication can be used to authenticate against an LDAP database, typically used for corporate authentication. There are many freely available and open source LDAP server, such as the OpenDS project. |
>
> | Configuring LDAP-based authentication
LDAP authentication can be used to authenticate users against an LDAP database, typically used for corporate authentication. There are many freely available and
open source LDAP servers, such as the OpenDS project.
To enable LDAP-based authentication, edit the WonderlandMain.cfg file. This file is located in two different places depending upon
whether you are working with the binary distribution or source distribution of Project Wonderland:
- src/darkstar_config/WonderlandMain.cfg if using the source distribution
- config/WonderlandMain.cfg if using the binary distribution
|
| | |
|
<
< | To configure the LDAP server, edit the file src/darkstar_config/WonderlandMain.cfg in the lg3d-wonderland directory. Uncomment the following lines: |
>
> | Uncomment the following lines in WonderlandMain.cfg: |
| |
// LDAP authenticator |
| | Replace the value of the directory property with your LDAP server's hostname, for example ldaps://sun-directory.sun.com. You must also replace the base-dn, which is the root of the directory tree to search, with the correct base for your LDAP server. |
|
<
< | In addition to the properties above, you may set the following optional properties, as specified in the Javadoc for org.jdesktop.lg3d.wonderland.darkstar.server.auth.LDAPAuth. |
>
> | In addition to the properties above, you may set the following optional properties (as specified in the Javadoc for org.jdesktop.lg3d.wonderland.darkstar.server.auth.LDAPAuth): |
| | |
|
>
> |
| LDAP Property | Definition |
|---|
| org.jdesktop.lg3d.wonderland.darkstar.server.auth.ldap.search-filter | The LDAP filter to search for user names, for example "employeenumber=%s", where %s will be substituted with the user name used for authentication. The default is "uid=%s" |
| org.jdesktop.lg3d.wonderland.darkstar.server.auth.ldap.context-factory | The directory context factory. Default is "com.sun.jndi.ldap.LdapCtxFactory" |
| org.jdesktop.lg3d.wonderland.darkstar.server.auth.ldap.username-attr | The attribute in the directory that represents the username. Default is "uid". |
| org.jdesktop.lg3d.wonderland.darkstar.server.auth.ldap.fullname-attr | The attribute in the directory that represents the full name. Default is "cn". |
| org.jdesktop.lg3d.wonderland.darkstar.server.auth.ldap.email-attr | The attribute in the directory that represents the email address. Default is "mail". |
|