So i recently created a script using s-nail to send mail relay to an external SMTP server
in the script, I simply have s-nail -S smtp="serverip:port" and my destination address
It works, but in the verbose log, it shows the following lines
s-nail: Obsoletion warning: Use of old-style credentials, which will vanish in v15! Please read the manual section "On URL syntax and credential lookup" s-nail: Obsoletion warning: please don't use *smtp*: assign a smtp:// URL to *mta*!
Now I did some read and it does not seems complicate. i just need to slightly adjust my script the way it send. But since our environment still does not use smtp auth . so my question is do I need to worry? I mean will s nail actually force you to use the new URL format? the issue with new format is that in the man page, it seems like you will have to provide username and password and can not leave those fields to empty. Otherwise, it fail when I try it.
ANy suggestion?
Or can you use it without any username and password?
NOTE - our test environment does not support username and password auth.
Or ....
thanks
Related
This is why I had to face this two-factor issue: the GitHub announcement
I've seen many links regarding this problem but, because info is scattered, I decided to make a summary with steps that worked for me.
First of all, here is the best link I've found on how to set the two-factor security in github.com
Here is what I set for my token (If you select less rights than required, the access fails too, no matter the token is ok)
The key here is to use the new token INSTEAD of your user password. But because I'm just fetching all changes from my github.com repos, I've saved the credentials on local. I must admit this is NOT recommendable because security (in Linux, this is set in plain text, that is a very bad practice), but here we goes ...
Here is the link about how to set git credentials on local
Now, here is where you must set your credentials: file is ~/.git-credentials
yyyyyy#xxxxxx:~$ cat .git-credentials
https://put-your-github-user-here:put-yout-token-here#github.com
Another example on what to do in this file
Here is a link about the format for this file
After setting all this stuff, try to check the repo status or fetch any changes to local.
My .passwd file contains 2 usernames and 2 passwords.
userNameX:$apr1$F3EFwwfP$W4gD4e/W98FerHQWDErfX0
userNameY:$apr1$Nq21ft8f$CRW4OdeRDVLsLnFwFaXyE0
They have been automatically generated by the old server just providing username and clear password.
Now I have just moved to the AWS Elastic Beanstalk, these two usernames/passwords work very well, but I would like to create more users and passwords. How should I do?
If you want to use htpasswd, look at htpasswd - Options.
There, you have the warning about password on the command line
-b
Use batch mode; i.e., get the password from the command line rather than prompting for it. This option should be used with extreme care, since the password is clearly visible on the command line. For script use see the -i option. Available in 2.4.4 and later.
And the recommended option -i:
-i
Read the password from stdin without verification (for script usage).
This way, you can pass the password through standard input through a pipe (e.g. popen).
You can also look at some authentication module, depending on the language and web framework you use.
I have a PHP application, with Usernames and Public SSH Keys in it. I would like to use these accounts as the user back end of openssh.
I think I need to use pam_exec and a PHP/Bash script. I've written a php script that I can execute at CLI (The shebang sets an env of php executable). If I need to wrap this in a bash script instead to access environment variables I can do that. The script currently takes a username as its first and only parameter like so:
/opt/scripts/my-auth-script.php user_to_look_for
The script will exit zero on success (the user exists) or exit 1 if not. It currently echoes OK or Failed also but I can easily turn that off.
So, my question is, how do I have pam_exec call my script to look for user accounts, before looking on the actual host system for user accounts?
I've got it working. The way to do this is to set the AuthorizedKeysCommand and AuthorisedKeyUser settings of openssh in sshd_config. There is a caveat, the reason that github and others provide ssh as a service through a single login user shared among customers is that the user being called must be resolvable by the system being logged into, so they muxt exist locally, or the user db must be connected to a remote source like LDAP, which would also then have to be integrated into the application.
The way to get around this though, is that the AuthorizedKeyCommand can take parameters, %u for username, and also in this case %k for key or %f for sha256 fingerprint of the key. Then, that script can ignore the generic username it was given, and then just check the database for a match for the key or fingerprint. If we find it, we have the user for that key and successful authentication. If not we dont.
I need a simple solution here... I'm pretty sure this is possible, I just don't know how to set it up.
I need squid to redirect all users to a simple user acceptance agreement before allowing them out to the internet. No username and password, they either accept the agreement and get allowed access, or the don't and get a permission denied page.
I don't want to have anything complicated, lets keep it simple if we can.
I have reviewed this: http://wiki.squid-cache.org/ConfigExamples/Portal/Splash#Portal_Splash_Pages
However its not very clear to me...
Thanks in advance...
From auth_param section in squid.conf file:
Specify the command for the external authenticator. Such a program
reads a line containing "username password" and replies "OK" or "ERR"
in an endless loop. "ERR" responses may optionally be followed by a
error description available as %m in the returned error page.
By default, the basic authentication scheme is not used unless a
program is specified.
There are lots of examples around. This link has an example of a custom squid helper in PHP. It can easily be modified to have a checkbox for agreement iso a username/password authentication.
I want to create a log in system using htaccess and htpasswd file and PHP for the server-side code, but when the user logs in I want to be able to identify that user, so how can I know what the user typed in as their username using PHP code (I assume I won't need to know the password if they've managed to access the restricted page)?
Many thanks,
Ben
You just need the following to get the username that is currently in use for an authenticated session:
$_SERVER['PHP_AUTH_USER']
rev1
In light of #Ben's comment I've now found the section in the PHP documentation at HTTP authentication with PHP that explains what's going on:
As of PHP 4.3.0, in order to prevent
someone from writing a script which
reveals the password for a page that
was authenticated through a
traditional external mechanism, the
PHP_AUTH variables will not be set if
external authentication is enabled for
that particular page and safe mode is
enabled. Regardless, REMOTE_USER can
be used to identify the
externally-authenticated user. So, you
can use _SERVER['REMOTE_USER'].