Also note on Windows if the USERNAME value specified is the same as the user who was logged in when STAFProc was started, no validation of the password is performed. If the USERNAME value specified is different from the user that is running STAFProc, then password validation is performed.
-------------------------------------------------------------- Sharon Lucas IBM Austin, luc...@us.ibm.com (512) 286-7313 or Tieline 363-7313 ----- Forwarded by Sharon Lucas/Austin/IBM on 10/13/2010 09:27 AM ----- From: Sharon Lucas/Austin/IBM To: Mike Tran/Austin/i...@ibmus Cc: staf-users@lists.sourceforge.net Date: 10/12/2010 04:41 PM Subject: Re: [staf-users] User / password Validation STAF does not really provide a way to just validate an OS userid / password. You could google for ways to validate an operating system's userid and password and if you find a command that does this, you could possibly run it via a STAF PROCESS START request. Or, perhaps you could use the STAF PROCESS START request's USERNAME and PASSWORD options as follows: Windows: You could run an arbitrary command (e.g. echo Hi) as another user by submitting a PROCESS START request and specifying the USERNAME and PASSWORD and STAF will attempt to run the specified command as that user and will return an error if an invalid username/password was specified. Note: On Windows, to use the USERNAME/PASSWORD options on a PROCESS START request, the PROCESSAUTHMODE operational parameter must be set to WINDOWS (set in the STAF.cfg file on the system where the process is run under a different username or set dynamically via a PROCESS SET PROCESSAUTHMODE WINDOWS request). If the PROCESSAUTHMODE is set to Disabled (the default) then it won't return an error if an invalid username/password is specified if the DEFAULTAUTHDISABLEDACTION operational parameter is set to Ignore (the default). You can submit a PROCESS LIST SETTINGS request to see what "Process Auth Mode" and "Default Auth Disabled Action" are currently set to. For example: C:\>STAF local PROCESS SET PROCESSAUTHMODE WINDOWS Response -------- C:\>STAF local PROCESS LIST SETTINGS Response -------- Default Stop Using Method : SigKillAll Default Console Mode : New Default Focus : Background Process Auth Mode : Windows Default Auth Username : <None> Default Auth Password : <None> Default Auth Disabled Action: Ignore Default Shell : <None> Default New Console Shell : <None> Default Same Console Shell : <None> C:\>STAF local PROCESS START COMMAND "echo Hi" RETURNSTDOUT STDERRTOSTDOUT WAIT USERNAME MyUser PASSWORD xyz Error submitting request, RC: 46 Additional info --------------- Error during process authentication for user name: MyUser LogonUser failed with OS RC 1326: Logon failure: unknown user name or bad password. Note that you could get an error like the following if you haven't set certain privileges needed for STAF to run a process as another user on Windows as talked about at http://staf.sourceforge.net/current/STAFUG.htm#HDRWINUSER, but this error would occur after the username/password has been validated. For example: C:\>STAF local PROCESS START COMMAND "echo Hi" RETURNSTDOUT STDERRTOSTDOUT WAIT USERNAME MyUser PASSWORD xyz Error submitting request, RC: 10 Additional info --------------- Error starting the process. CreateProcessAsUser failed with OS RC 1314: A required privilege is not held by the client. Logged on user must be an administrator with the following privilege(s): Replace a process level token Unix: You could validate if the userid was valid by specifying "su - %u %C" for the SHELL option on the PROCESS START request and specify the USERNAME option and specify some arbitrary command (e.g. echo Hi). Note that password validation is not performed. For example: # STAF local PROCESS START SHELL "su - %u -c %C" COMMAND "echo Hi" USERNAME myuser RETURNSTDOUT STDERRTOSTDOUT WAIT Response -------- { Return Code: 1 Key : <None> Files : [ { Return Code: 0 Data : su: user myuser does not exist } ] } Or, you could use the USERNAME option (the PASSWORD option is ignored) on a PROCESS START request to run the specified command as that user and it will return an error if an invalid USERNAME was specified. On Unix, to use the USERNAME option to run the process as another user, the PROCESSAUTHMODE operational parameter must be set to NONE which indicates that user names will be honored but not authenticated. In this mode, passwords are ignored and processes are started under the indicated user name. For example: # STAF local PROCESS SET PROCESSAUTHMODE NONE Response -------- # STAF local PROCESS START SHELL COMMAND "echo Hi" USERNAME myuser RETURNSTDOUT STDERRTOSTDOUT WAIT Error submitting request, RC: 46 Additional info --------------- Error during process authentication for user name myuser -------------------------------------------------------------- Sharon Lucas IBM Austin, luc...@us.ibm.com (512) 286-7313 or Tieline 363-7313 From: Mike Tran/Austin/IBM To: Sharon Lucas/Austin/i...@ibmus Cc: staf-users@lists.sourceforge.net Date: 10/12/2010 02:47 PM Subject: Re: [staf-users] User / password Validation Basically, I am providing a web application for many users to install certain products on their test machines. As a pre-req, their machines must give trust level 5 for the automation servers. In addition to the host name of the target machine(s), I want the user to enter OS userid / password (e.g. Administator / mypassword or root / myrootpass) if the password is not correct, the STAX job will terminate. -- Regards, Mike Tran Phone: 512-286-8959 (T/L: 363-8959) IBM Austin, Texas From: Sharon Lucas/Austin/IBM To: Mike Tran/Austin/i...@ibmus Cc: staf-users@lists.sourceforge.net Date: 10/12/2010 12:31 PM Subject: Re: [staf-users] User / password Validation What kind of "validation" do you want to perform? What kind of user / password are you trying to validate? -------------------------------------------------------------- Sharon Lucas IBM Austin, luc...@us.ibm.com (512) 286-7313 or Tieline 363-7313 From: Mike Tran/Austin/i...@ibmus To: staf-users@lists.sourceforge.net Date: 10/12/2010 12:20 PM Subject: [staf-users] User / password Validation I am looking for a simple way to validate the userid / password input to a STAX job. I read the PROCESS service, http://staf.sourceforge.net/current/STAFUG.htm#HDRPROCSRV but it seems complicated to use USERNAME and PASSWORD options. Is there another way to perform a quick user / password validation before I allow the STAX job to continue ? -- Regards, miket...@us.ibm.com ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb _______________________________________________ staf-users mailing list staf-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/staf-users ------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb _______________________________________________ staf-users mailing list staf-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/staf-users
