Tectia Server allows using an external application to supplement authentication. This also makes it possible to use information stored in an external database to allow access for specific users.
The external application, which may be written in any programming language suitable for the task, talks to Tectia Server using the Tectia Mapper Protocol. (For more information on the protocol, see Appendix E.)
The
path to the external application is defined in the ssh-server-config.xml
file within an authentication
block, using the
mapper
element's command
attribute.
Caution | |
---|---|
The external application will be launched under administrator (root) privileges. |
Tectia Server sends data from its blackboard to the external application. For a detailed description of the data that the server sends, see mapper in ssh-server-config(5). The data that the external application sends back to Tectia Server will be stored in the server's blackboard.
For the authentication to succeed, the external application must
return "success
" and an exit status 0. For more information on the parameters
allowed by Tectia Mapper Protocol, see Parameters.
Sample scripts written in Python are provided in /etc/ssh2/samples
on Unix and <INSTALLDIR>\SSH Tectia AUX\samples
on Windows.