###### authserv.conf -- NoCatAuth Authentication Service Configuration. # # Format of this file is: , one per # line. Trailing and leading whitespace is ignored. Any # line beginning with a punctuation character is assumed to # be a comment. ###### General settings. # # Log verbosity -- 0 is (almost) no logging. 10 is log # everything. 5 is probably a safe middle road. # Verbosity 10 ## # PGPKeyPath -- The directory in which PGP keys are stored. # NoCat tries to find this in the pgp/ directory above # the bin/ parent directory. Set this only if you put it # somewhere that NoCat doesn't expect. # # PGPKeyPath /usr/local/nocat/authserv/pgp ###### Authservice-specific settings. # # HomePage -- The authservice's notion of a default # redirect. # HomePage http://192.168.0.4 # DocumentRoot -- Where all of the application templates (including # SplashPage) are hiding. Can be different from Apache's DocumentRoot. # DocumentRoot /usr/local/nocat/authserv/htdocs ##### Authservice authentication source. # # DataSource -- specifies what to authenticate against. # Possible values are DBI, Passwd, LDAP, RADIUS, PAM, Samba. # DataSource Passwd ## # Auth service database settings. # # If you select DataSource DBI, then Database, DB_User, and DB_Password # are required. # # Database is a DBI-style data source specification. # # For postgres support: # Database dbi:Pg:dbname=nocat # # For mysql support: #Database dbi:mysql:database=nocat #DB_User nocat #DB_Passwd whodatatmydo?! ## LDAP support. Requires Net::LDAP & IO::Socket::SSL to be installed from the CPAN. # # If you select DataSource LDAP, all of the following settings are required: # # LDAP_Host - DNS name or IP Address of LDAP directory # LDAP_Base - the LDAP container for searching and creating users # LDAP_Admin_User - the fully distinguished name of the administrative user # NOTE: this user must be able to create users in the container specified above # LDAP_Admin_PW - the admin users password # LDAP_Hash_Passwords - Yes or No # - if passwords are to be MD5 hashed before being set in the directory # LDAP_Search_as_Admin - Yes or No # - "Yes" if all operations are to be done as the admin user, "No" if # everything but creation should be done as anonymous # # This version of LDAP.pm has been updated and tested against a Novell eDirectory # LDAP server. The login "unique ID" - the e-mail address - is stored as an # attribute of the user, and the "name" provided by the user is used as the # directory object name. # # Please send bug reports and patches. # # Still with this release, the admin tools don't fully work with LDAP support at # the moment. # # LDAP_Host ldap.mydomain.com # LDAP_Base ou=myContainer,o=universe # LDAP_Admin_User cn=LDAPAdmin,o=universe # LDAP_Admin_PW ldapAdminSecret # LDAP_Hash_Passwords Yes # LDAP_Search_as_Admin Yes ## RADIUS support. Requires Authen::Radius to be installed from the CPAN. # # Right now, this support is totally experimental. Please send bug reports # and patches. The admin tools don't fully work with RADIUS support at the moment. # # The RADIUS_Host may by in a number of different formats and is required: # # RADIUS_Host radius.nocat.net # RADIUS_Host radius1.nocat.net,radius2.nocat.net,radius3.nocat.net # RADIUS_Host radius1.nocat.net:1645,radius2.nocat.net:1812,radius3.nocat.net # # The previous three examples are 1 host and multiple hosts (can be any number of # hosts separated by a comma) and finally with ports provided after a colon. (If # no port number is supplied, it uses the Authen::Radius default of the radius # service in /etc/services or 1645. Mixing entries with and without ports is # fine.) These examples require a RADIUS_Secret in the format: # # RADIUS_Secret sHHHH # # The other format is to use the RADIUS_Host with a secret after # the hostname seperated by a * such as the examples below. This # allows for different secrets on different hosts. # # RADIUS_Host radius1.nocat.net*secret1,radius2.nocat.net*secret2,radius3.nocat.net*secret3 # # Alternatively, ports can also be used on any number of entries. # If the secret is not present, it uses the RADIUS_Secret. # # RADIUS_Host radius1.nocat.net:1645*secret1,radius2.nocat.net:1812,radius3.nocat.net*secret3 # # RADIUS_TimeOut is optional and defaults to the Authen::Radius # default timeout. # # RADIUS_TimeOut 5 # # Finally, RADIUS_Order controls the order in which RADIUS # servers are used. The acceptable values are "Ordered" # (the default) and Random (which will share the load # among the servers. # # RADIUS_Order Random # **** End RADIUS Configuration **** ## PAM support. Requires Authen::PAM to be installed from the CPAN. # # Make sure you have an /etc/pam.d/nocat or nocat line(s) in your /etc/pam.conf. # See etc/pam.conf from this distribution for an example. The PAM_Service # directive controls which PAM service NoCat attempts to authenticate against, # but we don't recommend changing it unless you really know what you're doing # with PAM. It defaults to "nocat". The admin tools don't work with PAM support # at the moment. # # PAM_Service nocat ## Samba support. Requires Authen::Smb to be installed from the CPAN. # # Samba_PDC and Samba_Domain are required. Samba_BDC is optional. # # Samba_Domain MyWorkgroup # Samba_PDC MyPrimaryDomainController # Samba_BDC MyBackupDomainController ## Alternately, you can use the Passwd data source. # UserFile /usr/local/nocat/authserv/etc/passwd GroupUserFile /usr/local/nocat/authserv/etc/group GroupAdminFile /usr/local/nocat/authserv/etc/groupadm # # The format of these files is as follows: # # In UserFile, each line is of the form :, where the # password is an MD5 digest of the user's actual password. # # In GroupUserFile and GroupAuthFile, each line is of the form # :,,,... # # The UserFile may be updated with the bin/admintool script included in this # distribution. ###### Auth service user table settings. # # UserTable names the table containing the user ID data. # # UserIDField names the column containing the ID that the # client uses to uniquely identifying themselves, i.e. their # e-mail address or username. # # UserPasswdField stores the user's MD5-hashed password. # # UserAuthField is deprecated and will go away. # UserTable member UserIDField login UserPasswdField pass UserAuthField status UserStampField created GroupTable network GroupIDField network GroupAdminField admin ####### Auth service web application settings. # # MinPasswdLength -- Enforced minimum user password length. # Not much other checking is done on the user's p/w. # MinPasswdLength 6 # MessageSign -- shell command to sign an auth notification # with. The message to be signed is written to the # command's standard in, and the signed message is read # from standard out. # # GpgPath /usr/bin/gpg # # MessageSign $GpgPath --clearsign --homedir=$PGPKeyPath -o- # LocalGateway -- If you run auth service on the same subnet # (or host) as the gateway you need to specify the hostname # of the gateway. Otherwise omit it. (Requires Net::Netmask) # LocalGateway 192.168.4.1 # Auth service template names. See the individual templates # for details on what each one does. # LoginForm login.html LoginOKForm login_ok.html FatalForm fatal.html ExpiredForm expired.html RenewForm renew.html PassiveRenewForm renew_pasv.html RegisterForm register.html RegisterOKForm register_ok.html RegisterFields name url description UpdateForm update.html UpdateFields url description ###### Auth service user messages. Should be self-explanatory. # LoginGreeting Greetings! Welcome to the Simon's wireless node. LoginMissing Please fill in all fields! LoginBadUser That e-mail address is unknown. Please try again. LoginBadPass That e-mail and password do not match. Please try again. LoginBadStatus Sorry, you are not a registered co-op member. RegisterGreeting Welcome! Please enter the following information to register. RegisterMissing Name, E-mail, and password fields must be filled in. RegisterUserExists Sorry, that e-mail address is already taken. Are you already registered? RegisterBadUser The e-mail address provided appears to be invalid. Did you spell it correctly? RegisterInvalidPass All passwords must be at least six characters long. RegisterPassNoMatch The passwords you provided do not match. Please try again. RegisterSuccess Congratulations, you have successfully registered. UpdateGreeting Enter your E-mail and password to update your info. UpdateBadUser That e-mail address is unknown. Please try again. UpdateBadPass That e-mail and password do not match. Please try again. UpdateInvalidPass New passwords must be at least six characters long. UpdatePassNoMatch The new passwords you provided do not match. Please try again. UpdateSuccess Congratulations, you have successfully updated your account. ###### Fin.