Authentication Options

Jason Munro edited this page Aug 1, 2017 · 10 revisions

Summary

Cypht supports a number of different authentication methods out of the box. You can also create your own authentication method with the site module set. Remember that after making any changes to your hm3.ini file, you must rerun the scripts/config_gen.php script to update your site configuration.

IMAP

Most webmail programs use this type of authentication. The username and password entered into the login form are passed to a pre-configured IMAP server. If the IMAP server returns success, the user is logged into the web application. When using IMAP authentication in Cypht, the IMAP server will automatically be added to the list of accounts the user can access. To use IMAP authentication, set the auth_type value in your hm3.ini file to IMAP, and configure the following settings:

The name assigned to the server after you log in

imap_auth_name=localhost

The hostname or IP address of the IMAP server

imap_auth_server=localhost

The port the IMAP server is listening on

imap_auth_port=143

Whether the IMAP service is reached over TLS: true or false (blank is the same as false)

imap_auth_tls=

POP3

POP3 authentication works exactly like IMAP, except that it uses a pre-configured POP3 server to validate the username and password. Change the auth_type to POP3 in your hm3.ini, and configure the following settings:

The name assigned to the server after you log in

pop3_auth_name=localhost

The hostname or IP address of the POP3 server

pop3_auth_server=localhost

The port the POP3 server is listening on

pop3_auth_port=110

Whether the POP3 service is reached over TLS: true or false (blank is the same as false)

pop3_auth_tls=

LDAP

Cypht can attempt to bind to an LDAP server to perform authentication. In order to use this you must set the auth_type to LDAP and configure the following settings:

The hostname or IP address of the LDAP server to authenticate to

ldap_auth_server=localhost

The port the LDAP server is listening on.

ldap_auth_port=389

Enable TLS/SSL connections. Leave blank or set to false to disable. Set to true to enable TLS connections.

ldap_auth_tls=

The "base dn" of the LDAP server

ldap_auth_base_dn="example,dc=com"

Database

Using a database to authenticate is a little harder to set up, but is a flexible way to configure logins. Using this authentication method also allows you to create, delete, or change account passwords using CLI scripts included in Cypht. Database access is done using PHP PDO, so any database back-end supported by PDO can be used. You will have to manually create the database and table. Examples for MySQL, PostgreSQL, and SQLite are included in the hm3.sample.ini file. To use a database for authentication, set the auth_type value to DB in your hm3.ini file, and configure the following settings:

Connection type. Can be "host" to connect to a hostname, or "socket" to connect to a unix socket.

db_connection_type=host

Database host name or IP address. If db_connection_type is set to "socket", this value is ignored.

db_host=127.0.0.1

If db_connection_type is set to "socket", this should be the filesystem location of the unix socket file. If db_connection_type is set to "host" this value is ignored.

db_socket=/var/lib/mysqld/mysqld.sock

Name of the database with the required tables

db_name=test

User to connect to the database with

db_user=test

Password to connect to the database with

db_pass=123456

Database type. Can be any supported PDO driver (http://php.net/manual/en/pdo.drivers.php)

db_driver=mysql

Then create the required table to hold users. MySQL/SQLite and PostgreSQL examples can be found in the hm3.sample.ini (https://github.com/jasonmunro/cypht/blob/master/hm3.sample.ini) file. Here is the MySQL table definition:

CREATE TABLE hm_user (username varchar(250), hash varchar(250), primary key (username));

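Cypht includes 3 scripts to manage users from the command line. The create and update scripts take the password as a command-line argument, which shell history and the process list can expose: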

php ./scripts/create_account.php <username> <password>
php ./scripts/delete_account.php <username>
php ./scripts/update_password.php <username> <password>

Dynamic

The dynamic module set allows users to authenticate against major E-mail providers, to derive the E-mail server to log in to from the site address, or to auto-detect the correct mail server based on the domain used in the username. To use the dynamic login module set, set the auth_type in your hm3.ini file to dynamic, and enable the dynamic_login module. Then edit the module-specific ini file, move it to your app_data_dir as defined in your hm3.ini file, and rerun the config gen script. Details about the module-specific settings can be found in the comments of the ini file here: https://github.com/jasonmunro/cypht/blob/master/modules/dynamic_login/dynamic_login.ini

Custom

Need more flexibility? You can write your own authentication method for Cypht using the site module set. Set the auth_type setting in your hm3.ini file to custom, and enable the site module set. Next, edit the modules/site/lib.php file: https://github.com/jasonmunro/cypht/blob/master/modules/site/lib.php#L101 This file contains a class called Custom_Auth, with a method called check_credentials that takes a username and password. This is where you can add your own custom logic to validate a login. Returning true from that method will log a user in; returning false will deny access.
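
The kind of logic that could go in check_credentials, as an added example that is not Cypht's own code: it fails closed on malformed input and runs the hash check even for unknown usernames, so response time does not reveal which accounts exist. Example_Custom_Auth, its constructor, the in-memory user list and the length limits are assumptions made for the illustration; only the true/false contract comes from the page.

```php
<?php
// Added example, not Cypht code. Example_Custom_Auth is a hypothetical
// stand-in for the Custom_Auth class described above; only the
// check_credentials contract (true = log in, false = deny) is from the page.
class Example_Custom_Auth {
    private $users;      // username => password_hash() output (constructed data)
    private $dummy_hash; // verified against when the username is unknown

    public function __construct(array $users) {
        $this->users = $users;
        // Hash of a random value nobody knows, so it never verifies
        $this->dummy_hash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    public function check_credentials($user, $pass) {
        // Fail closed on anything that is not a non-empty string
        if (!is_string($user) || !is_string($pass) || $user === '' || $pass === '') {
            return false;
        }
        // Assumed limits: 250 matches the hm_user username column shown
        // earlier; the password cap only bounds the hashing work
        if (strlen($user) > 250 || strlen($pass) > 1024) {
            return false;
        }
        $known = array_key_exists($user, $this->users);
        // Always run password_verify so an unknown username costs the
        // same time as a known one with a wrong password
        $hash = $known ? $this->users[$user] : $this->dummy_hash;
        $verified = password_verify($pass, $hash);
        return $known && $verified;
    }
}

// Constructed sample account for the demonstration
$auth = new Example_Custom_Auth(array(
    'alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
));

var_dump($auth->check_credentials('alice', 'correct horse battery staple'));
var_dump($auth->check_credentials('alice', 'wrong password'));
var_dump($auth->check_credentials('mallory', 'wrong password'));
var_dump($auth->check_credentials('alice', ''));
```

In a real module the user list would come from whatever back-end the custom method fronts. Only the first call should log the user in.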