[Newsletter] MOSXSWebPassword and some more Plone sites (#8)
Paul Suh
paul.suh at ps-enable.com
Tue Sep 12 01:30:31 EDT 2006
Folks,
Mac OS X Server Web Password 1.0
--------------------------------------------------
I've updated my Mac OS X Server Web Password application so that the
installer package now works properly, and added a page where an
administrator can reset a user's password. If you're already using
version 0.9, the upgrade should just go on top of the existing
package seamlessly.
The application is written in WebObjects, which is in turn based on
Java. This is nice from a number of points of view, but for changing
passwords it has one serious downside: you can't make any system
calls directly. One of the key points behind Java is that it runs the
same anywhere -- on a Mac, on a Windows server, on a Linux box, on a
Solaris box; but this means that you can't make operating-system
specific calls from your Java code directly. You need to use the Java
Native Interface (JNI) to make operating system calls, which is what
I did in the files OpenDirJNI.c and OpenDirJNI.java.
An alternative approach would be to call the passwd binary from
within the WebObjects application. However, this has a serious
security hole -- if someone is in a position to run /bin/ps on your
server at the right time, they might be able to see the user's new
password being passed as a command line argument to passwd. I use
direct Open Directory API calls instead, which don't have this
vulnerability.
Using the Open Directory APIs also opens up a set of tricks that you
couldn't do using passwd. If your Mac OS X Server is bound to an
Active Directory domain, Mac and Windows users can use the web page
to change their AD passwords by editing the file
/Library/WebObjects/Applications/MOSXSWebPassword.woa/Contents/Resources/Properties.
Change the line that reads:
    directoryNodeList=("/NetInfo/root","/LDAPv3/127.0.0.1")
to read:
    directoryNodeList=("/NetInfo/root","/ActiveDirectory/AllDomains")
then stop and restart the WebObjects service in Server Admin.
If your web server is not your Open Directory master, change the
LDAPv3 entry so that it points at the correct LDAP server. E.g., if
your OD master is at 192.168.17.33, then change the directoryNodeList
to be:
    directoryNodeList=("/NetInfo/root","/LDAPv3/192.168.17.33")
then stop and restart the WebObjects service.
It's free, released under the GNU GPL, and source code is available.
Give it a try and let me know how it works for you. You can download
it from my website at:
http://ps-enable.com/software/MOSXSWebPassword_1_0.dmg/view
Plone Sites
-----------------
Just to give you an idea of what you can do with Plone, here are a
few Plone sites that I've set up recently:
http://ncac-cubscoutspack8.org/
http://ccespta.org/
http://btrcapitalgroup.com/
The ccespta.org website is the closest to the basic Plone appearance,
with only a change to the logo graphic and some re-ordering of the
portlets in the left and right columns. The ncac-cubscoutspack8.org
website is a more radical makeover, with some serious CSS work to
change the color scheme and some workflow security work to hide some
folders. In particular, there are members-only folders that don't
appear to people who are not logged into the website. The
btrcapitalgroup.com website is a full appearance makeover, with heavy
CSS modifications and graphic design work.
The cub scouts website is hosted on a Mac Mini, with another Mac Mini
serving as a caching front end. The other two websites are hosted at
highspeedrails.com, using their Starter service at $340 per year.
It's a pretty affordable way to set up a website where all you need
is the ability to use Word in order to maintain the content on the
website.
--Paul
Paul Suh
http://www.ps-enable.com/
paul.suh at ps-enable.com (240) 672-4212
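Added example (not part of the original newsletter or the MOSXSWebPassword source): the exposure described above for passing a new password to passwd as a command line argument, shown with a stand-in child process instead of the real passwd binary. The password value, the child program, and the function names are constructed for illustration.

```python
import os
import subprocess
import sys

SECRET = "constructed-example-pw"  # constructed sample value, not a real password

# Stand-in for a password-changing helper (hypothetical; not the real passwd):
# it just blocks until it receives one line on stdin.
CHILD = "import sys; sys.stdin.readline()"


def visible_args(pid):
    """Return the command line the OS publishes for pid (what ps displays)."""
    proc_path = f"/proc/{pid}/cmdline"
    if os.path.exists(proc_path):  # Linux
        with open(proc_path, "rb") as f:
            return f.read().replace(b"\0", b" ").decode(errors="replace")
    # macOS and other systems without /proc: ask ps directly
    out = subprocess.run(["ps", "-ww", "-o", "args=", "-p", str(pid)],
                         capture_output=True, text=True)
    return out.stdout


def secret_exposed(via_argv):
    """Start the helper, hand it SECRET one way or the other, and report
    whether SECRET shows up in the process listing while it runs."""
    argv = [sys.executable, "-c", CHILD]
    if via_argv:
        argv.append(SECRET)  # the risky pattern: secret on the command line
    child = subprocess.Popen(argv, stdin=subprocess.PIPE, text=True)
    try:
        seen = visible_args(child.pid)
    finally:
        # Safer pattern: the secret travels over a pipe, never through argv.
        child.communicate("\n" if via_argv else SECRET + "\n")
    return SECRET in seen


if __name__ == "__main__":
    print("secret on argv visible in listing: ", secret_exposed(True))
    print("secret on stdin visible in listing:", secret_exposed(False))
```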