1

I am writing a Delphi application that allows a user to connect to an AIX system to perform various tasks.

I need to allow a user to sign on to the AIX system before they are allowed to do anything, so I need a method by which their username/password can be authenticated.

I had initially thought that I could display a sign on screen where they would enter their username and password, then establish an FTP connection (or Telnet, or something similar) with the AIX system, but this would not be a reliable method as the functionality may be locked down (eg. FTP port blocked etc.) which would obviously result in a failed sign on despite the username/password credentials being correct.

The bottom line is this: How can I authenticate a user's username/password against an AIX user account by using Delphi? A colleague suggested that using SSH might work, but I suppose I'd need a 3rd party component for that (if one exists). I am using Delphi 2009 Pro.

Jeedee
  • 548
  • 5
  • 24
  • Authentication aside, what communication protocol will you be using to do the actual work on the AIX system? ssh? http? https? ftp? telnet? other sockets? The authentication should be built around the protocol doing the work, not the other way around. – Chris Thornton Jun 10 '10 at 14:13
  • I'm running SQL queries over a MySQL database hosted on an AIX box. There is authentication built in to the MySQL database, but the user requirement is that anyone wanting to run queries must have a valid AIX username/password. As the two are separate, although I can authenticate against MySQL, I still have no way of authenticating the username/password against the AIX user profiles. – Jeedee Jun 10 '10 at 14:26
  • Look and see if MySQL has a capability for os-level authentication. I've worked on projects with oracle/AIX where we did it that way. IMO, trying to do it your way (delphi app authenticates somehow and then runs the query against the unprotected MySQL database) is not safe. A malicious user could just bypass your app and run queries with MS Query, or other tools. – Chris Thornton Jun 10 '10 at 15:24
  • @Chris - The MySQL database is protected. The signon that I need to implement adds an extra layer of security, rather than being the only means of securing access. There is a MySQL user/password hard wired into my application which I use to authenticate all queries that I run. The AIX signon is intended to let people get into the application in the first place. Good idea about OS-level authentication within MySQL though. I'll look into that. – Jeedee Jun 15 '10 at 14:25

1 Answers1

0

AIX supports Kerberos, you only need a Kerberos client for Delphi.

See

How can I get a Kerberos ticket with Delphi?

Kerberos (pronounced /ˈkɛərbərəs/) is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

Community
  • 1
  • 1
mjn
  • 36,362
  • 28
  • 176
  • 378