sfflogon

This program authenticates a logon/passwd in any one of a number of ways
    1. w4 logon
    2. against an apache httpd server (possibly running radius)
        sfflogon -s server3 -p 80 -t http -l logon -w passwd

A parameter file is (normally) web/setup/customer.setup

    ; Internal v External logons
    external-address:195.13.83.*
    internal-address:10.1.*.*
    internal-address:10.2.*.*
    ; assume the address is int or ext if not explicitly stated above
    default-address:internal/external
        default: internal

    ; Cookies
    allow-cookies:yes/no
        Allow users to use cookies so they do not need to logon each time
        default: no
    allow-external-cookies:yes/no
        Allow external users to use cookies.
        default: no

    logon-list-file:(name of list file)
        This is in /fip/web/logon/lists/ and is forced upper case
        with .INTERNAL and .EXTERNAL extensions
        syntax is
            ; comment line
            name | password | pub | group to use | description or real name | buttons/usertype | wires | options | prefs
        currently only name, password and group are used

    logon-list-extra1:
    logon-list-extra2: (ext of list file)
        Two optional ext for extra logon files that are tested first
        eg  logon-list-file:SUN
            logon-list-extra1:temp
        So there can be 2 or 3 logon list files :
        - SUN.TEMP will be checked first
        - then either SUN.INTERNAL or SUN.EXTERNAL depending on where the request is sourced.
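
The internal/external classification and the list-file lookup order described above, as an added example that is not sfflogon's own code. The function names are hypothetical, and three behaviours are assumptions: patterns are matched as globs against an IPv4 dotted quad, the first matching address line in file order wins, and a malformed address is rejected rather than falling through to the default zone.

```python
import ipaddress
from fnmatch import fnmatchcase

LIST_DIR = "/fip/web/logon/lists/"  # directory named on this page

# Constructed sample in the customer.setup syntax described above.
SAMPLE_SETUP = """\
; Internal v External logons
external-address:195.13.83.*
internal-address:10.1.*.*
internal-address:10.2.*.*
default-address:internal
logon-list-file:sun
logon-list-extra1:temp
"""

def parse_setup(text):
    """Return (key, value) pairs in file order; ';' lines are comments."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        pairs.append((key.strip().lower(), value.strip()))
    return pairs

def classify(pairs, client_ip):
    """Return INTERNAL or EXTERNAL; first matching pattern wins (assumed)."""
    # Raises ValueError on a malformed address instead of defaulting it.
    ip = str(ipaddress.IPv4Address(client_ip))
    for key, pattern in pairs:
        if key in ("internal-address", "external-address") and fnmatchcase(ip, pattern):
            return key.split("-")[0].upper()
    # No explicit match: use default-address (documented default: internal).
    return dict(pairs).get("default-address", "internal").upper()

def lookup_order(pairs, client_ip):
    """List files in the order they are checked: extras first, then zone file."""
    conf = dict(pairs)
    base = conf.get("logon-list-file")
    if not base:
        return []
    exts = [conf[k] for k in ("logon-list-extra1", "logon-list-extra2") if conf.get(k)]
    exts.append(classify(pairs, client_ip))
    return [LIST_DIR + f"{base}.{ext}".upper() for ext in exts]
```

Because the extra list files are consulted before the zone-specific file, an entry in SUN.TEMP applies to internal and external requests alike.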

    cookie-name: (name)
        default: fipCookie
    balance-group: (name)
        use this to balance cookies and codes between systems
    balance-fipid: (name)
        use this to balance Fipids between systems
    encrypt-password:yes/no
        password in either a single logon file or the logon-list can be encrypted or not
        default: no
    w4-extra-script: (FipSeq string)
        Run this script to get more attributes
        The script should return 0 for ok; any other is an error
        The following FipHdrs are available
            LL  Logon
            LP  Password
            LF  Fipid
            LC  Cookie
            LW  Internal=0/External=1 flag
            LX  TempFile name for the details to add to .map and .info
                This is read and the data merged with any other information
        eg w4-extra-script:/fip/local/fiplogonldap.pl logon=LL file=LX
    use-radius:no/yes
        We have already authenticated the logon, so just get the extra information
        default is NO
    auto-key: (string)
    auto-logon: (string)
    auto-password: (string)
    auto-pub: (string)
    auto-option: (string)
        Allow user to logon automatically if this passkey is used as the Fipid
        The logon and password are to be used for picking up the right logon file or logon-list entry.
        There can be 19 different auto-keys
        default: none
        eg  auto-key:Sunsentinel
            auto-logon:INTERNAL
            auto-password:SUNNY
        auto-pub is used to populate user-p8 and pub: for the info file
        auto-option: options include
            PFX = pub-prefix
    use-second-level-logon: (yes/no)
        This prompts for a 2nd level of authentication which is a one-time-used pad
        default: no
        If you use 'use-second-level-logon:yes' you need :
            sfflogon version 02d
            fip_logon2nd.pl
            fip_generatecodes.pl - background program to generate the codes
            admin_logon_listradius.pl
            admin_logon_radius.pl - to allow an administrator to generate 20 codes for a logon
                Set Variable in the script : $generateCodes = 1;

Input Parameters are :
  Mandatory:
    -t : type                               default: w4
            http - apache web server
            w4   - w4 logon file
  Either
    -f : fipid                              default: none
  Or
    -l : logon                              default: none
    -c : cookie to use/check                default: none
  Or
    -l : logon                              default: none
    -w : password                           default: none
  Optional
    -d : full logon name                    default: none
    -s : remote host name or IPaddress      default: none
    -p : remote host port number            default: none
    -u : url                                default: none
    -g : Publication or organisation        default: none
    -z : parameter file name in web/setup   default: customer.setup
            if not default
    -v : print version no and exit

    (-s and -p and -u are used by type -t http)
    (-c and -f and -z are used by type -t w4 - default)

For those switches with parameters, the parameter MUST be separated by a space.

Other env variables can be used to define where the system is :
    SFF_HOME    where the home or top queue is.     default: /fip
                eg setenv SFF_HOME /ripexpress/underware
    SFF_LOG     where the log files queue is        default: (SFF_HOME)/log
    SFF_SPOOL   where the data queues are           default: (SFF_HOME)/spool
    SFF_TMP     where the tmp data queue is         default: (SFF_HOME)/x
                THIS MUST BE ON THE SAME UNIX VOLUME as SFF_SPOOL queues.
                ie if spools are on /data99 which is hard disk /dev/sd0,
                you MUST also have the TMP queue on the same disk/partition

NOTE that for all BUT SFF_HOME, if the parameter starts with a '/' then it is a hard, absolute path; if not then the spool area is under SFF_HOME.
    eg    setenv SFF_SPOOL /data7    will look under /data7 for queues
    while setenv SFF_SPOOL data7     will look under /fip/data7

Version Control
;002r2 17sep05 added 2nd level and blocks
;d-f added errors for logon/pad and balanced pad
;f added p10 and p11
;g 29aug06 added w4-extra-script for LDAP etc and use-radius
;h-i 22sep06 Winnt version of pad
;j 24oct06 added -d for display name
;k 23jan07 check input field size
;l-m 10may07 added auto-key2-9
;n 2aug07 added srfipcpy
;o1 30sep07 if setup/logon.radius.setup exists, use it for extra LIST fields
;p1 06dec07 read all logon file for Cookies/Shh too
;q2 24jan08 added auto-pub and auto-option
;r1-2 5jan14 added logon-list-extra1/2
;001h 13may03 added w4 - cookies etc
;b 10jul03 allow more than 1 cookie
;c-d 21jul03 added expires...
;e 08mar04 added external address tracking
;f-h 26mar04 added logon-list-file
;000a 15dec02 original version

(copyright) 2014 and previous years FingerPost Ltd.