Design and Implementation of authentication of server services by LDAP – Construct a Java web based directory management system

• Main Authors: Fang-Ming Hsu, 許芳銘
• Other Authors: Chung-Huang Yang
• Format: Others
• Language: zh-TW
• Online Access: http://ndltd.ncl.edu.tw/handle/29963361860317044915

碩士 === 國立高雄師範大學 === 資訊教育研究所 === 95 === With the development and implementation of all kinds of the information service systems, authentication and management of the user account ID not only have already become the system administrator's quite heavy and complicated work but also have related to the system security. LDAP provides an environment that can consolidate user account ID information into a single directory, as long as the information service systems support the interface to LDAP. This will simplify the work of system management. LDAP V3 supports multiple authentication and secure mechanisms。Implement LDAP server as the authentication server and work with the secure mechanisms will construct a secure authentication environment. This paper first relies mainly on open source softwares and takes commonly used services on linux system server as an example to implement authentication of server services by LDAP through the mechanism of PAM, pam_ldap, NSS, nss_ldap and openldap. These authentication of services include linux system account ID authentication, vsftp ftp service authentication, mail systems services authentication. And we implememt the LDAP replication .Besides we also store PKI certificate data to LDAP server by using the LDAP service of OpenCA , depend on the demand to set the ID and password data to the same entry of the certificate. This will combine user certificate and posix ID password data together to the same LDAP server. And then based on Java language，use JSP and Apache Tomcat to construct a web based LDAP directory management system that support SASL EXTERNAL certificate based authentication. Keywords: authentication, directory service, PAM, NSS, LDAP,PKI