Supplementing Authentication with an External Application

Example with Certificate Authentication
Example with Password Authentication

Tectia Server allows using an external application to supplement authentication. This also makes it possible to use information stored in an external database to allow access for specific users.

The external application, which may be written in any programming language suitable for the task, talks to Tectia Server using the Tectia Mapper Protocol. (For more information on the protocol, see Appendix E.)

The path to the external application is defined in the ssh-server-config.xml file within an authentication block, using the mapper element's command attribute.

The external application will be launched under administrator (root) privileges.

Tectia Server sends data from its blackboard to the external application. For a detailed description of the data that the server sends, see mapper in ssh-server-config(5). The data that the external application sends back to Tectia Server will be stored in the server's blackboard.

For the authentication to succeed, the external application must return "success" and an exit status 0. For more information on the parameters allowed by Tectia Mapper Protocol, see Parameters.

Sample scripts written in Python are provided in /etc/ssh2/samples on Unix and <INSTALLDIR>\SSH Tectia AUX\samples on Windows.