Yes, I noticed that issue. I am trying to solve that exact issue. Is this
behavior of the PROCESS service considered a bug?
The majority of the our test machines have STAF started under
Administrator (windows) and root (AIX, Linux). Also, we must use
administrative user to install the test software. Password validation
will add one more level of security to avoid unintentional install on
someone else test system.
--
Regards,
Mike Tran
IBM Austin, Texas
From:
Sharon Lucas/Austin/IBM
To:
Mike Tran/Austin/i...@ibmus
Cc:
staf-users@lists.sourceforge.net
Date:
10/13/2010 09:44 AM
Subject:
Fw: [staf-users] User / password Validation
Also note on Windows if the USERNAME value specified is the same as the
user who was logged in when STAFProc was started, no validation of the
password is performed. If the USERNAME value specified is different from
the user that is running STAFProc, then password validation is performed.
--------------------------------------------------------------
Sharon Lucas
IBM Austin, luc...@us.ibm.com
(512) 286-7313 or Tieline 363-7313
----- Forwarded by Sharon Lucas/Austin/IBM on 10/13/2010 09:27 AM -----
From: Sharon Lucas/Austin/IBM
To: Mike Tran/Austin/i...@ibmus
Cc: staf-users@lists.sourceforge.net
Date: 10/12/2010 04:41 PM
Subject: Re: [staf-users] User / password Validation
STAF does not really provide a way to just validate an OS userid /
password.
You could google for ways to validate an operating system's userid and
password and if you find a command that does this, you could possibly run
it via a STAF PROCESS START request.
Or, perhaps you could use the STAF PROCESS START request's USERNAME and
PASSWORD options as follows:
Windows:
You could run an arbitrary command (e.g. echo Hi) as another user by
submitting a PROCESS START request and specifying the USERNAME and
PASSWORD and STAF will attempt to run the specified command as that user
and will return an error if an invalid username/password was specified.
Note: On Windows, to use the USERNAME/PASSWORD options on a PROCESS START
request, the PROCESSAUTHMODE operational parameter must be set to WINDOWS
(set in the STAF.cfg file on the system where the process is run under a
different username or set dynamically via a PROCESS SET PROCESSAUTHMODE
WINDOWS request). If the PROCESSAUTHMODE is set to Disabled (the default)
then it won't return an error if an invalid username/password is specified
if the DEFAULTAUTHDISABLEDACTION operational parameter is set to Ignore
(the default). You can submit a PROCESS LIST SETTINGS request to see what
"Process Auth Mode" and "Default Auth Disabled Action" are currently set
to.
For example:
C:\>STAF local PROCESS SET PROCESSAUTHMODE WINDOWS
Response
--------
C:\>STAF local PROCESS LIST SETTINGS
Response
--------
Default Stop Using Method : SigKillAll
Default Console Mode : New
Default Focus : Background
Process Auth Mode : Windows
Default Auth Username : <None>
Default Auth Password : <None>
Default Auth Disabled Action: Ignore
Default Shell : <None>
Default New Console Shell : <None>
Default Same Console Shell : <None>
C:\>STAF local PROCESS START COMMAND "echo Hi" RETURNSTDOUT STDERRTOSTDOUT
WAIT USERNAME MyUser PASSWORD xyz
Error submitting request, RC: 46
Additional info
---------------
Error during process authentication for user name: MyUser
LogonUser failed with OS RC 1326: Logon failure: unknown user name or bad
password.
Note that you could get an error like the following if you haven't set
certain privileges needed for STAF to run a process as another user on
Windows as talked about at
http://staf.sourceforge.net/current/STAFUG.htm#HDRWINUSER, but this error
would occur after the username/password has been validated. For example:
C:\>STAF local PROCESS START COMMAND "echo Hi" RETURNSTDOUT STDERRTOSTDOUT
WAIT USERNAME MyUser PASSWORD xyz
Error submitting request, RC: 10
Additional info
---------------
Error starting the process. CreateProcessAsUser failed with OS RC 1314: A
required privilege is not held by the client.
Logged on user must be an administrator with the following privilege(s):
Replace a process level token
Unix:
You could validate if the userid was valid by specifying "su - %u %C" for
the SHELL option on the PROCESS START request and specify the USERNAME
option and specify some arbitrary command (e.g. echo Hi). Note that
password validation is not performed. For example:
# STAF local PROCESS START SHELL "su - %u -c %C" COMMAND "echo Hi"
USERNAME myuser RETURNSTDOUT STDERRTOSTDOUT WAIT
Response
--------
{
Return Code: 1
Key : <None>
Files : [
{
Return Code: 0
Data : su: user myuser does not exist
}
]
}
Or, you could use the USERNAME option (the PASSWORD option is ignored) on
a PROCESS START request to run the specified command as that user and it
will return an error if an invalid USERNAME was specified. On Unix, to
use the USERNAME option to run the process as another user, the
PROCESSAUTHMODE operational parameter must be set to NONE which indicates
that user names will be honored but not authenticated. In this mode,
passwords are ignored and processes are started under the indicated user
name. For example:
# STAF local PROCESS SET PROCESSAUTHMODE NONE
Response
--------
# STAF local PROCESS START SHELL COMMAND "echo Hi" USERNAME myuser
RETURNSTDOUT STDERRTOSTDOUT WAIT
Error submitting request, RC: 46
Additional info
---------------
Error during process authentication for user name myuser
--------------------------------------------------------------
Sharon Lucas
IBM Austin, luc...@us.ibm.com
(512) 286-7313 or Tieline 363-7313
From: Mike Tran/Austin/IBM
To: Sharon Lucas/Austin/i...@ibmus
Cc: staf-users@lists.sourceforge.net
Date: 10/12/2010 02:47 PM
Subject: Re: [staf-users] User / password Validation
Basically, I am providing a web application for many users to install
certain products on their test machines. As a pre-req, their machines
must give trust level 5 for the automation servers.
In addition to the host name of the target machine(s), I want the user to
enter OS userid / password (e.g. Administator / mypassword or root /
myrootpass) if the password is not correct, the STAX job will terminate.
--
Regards,
Mike Tran
Phone: 512-286-8959 (T/L: 363-8959)
IBM Austin, Texas
From:
Sharon Lucas/Austin/IBM
To:
Mike Tran/Austin/i...@ibmus
Cc:
staf-users@lists.sourceforge.net
Date:
10/12/2010 12:31 PM
Subject:
Re: [staf-users] User / password Validation
What kind of "validation" do you want to perform?
What kind of user / password are you trying to validate?
--------------------------------------------------------------
Sharon Lucas
IBM Austin, luc...@us.ibm.com
(512) 286-7313 or Tieline 363-7313
From: Mike Tran/Austin/i...@ibmus
To: staf-users@lists.sourceforge.net
Date: 10/12/2010 12:20 PM
Subject: [staf-users] User / password Validation
I am looking for a simple way to validate the userid / password input to a
STAX job. I read the PROCESS service,
http://staf.sourceforge.net/current/STAFUG.htm#HDRPROCSRV but it seems
complicated to use USERNAME and PASSWORD options.
Is there another way to perform a quick user / password validation before
I allow the STAX job to continue ?
--
Regards,
miket...@us.ibm.com
------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
Spend less time writing and rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
staf-users mailing list
staf-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/staf-users
------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3.
Spend less time writing and rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
staf-users mailing list
staf-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/staf-users
