Some of our users enter their passwords in all lowercase, others use all uppercase. Our authentication systems aren't case-sensitive, so they can all log in, but DACS is getting cranky.
I fixed half of the problem by setting NAME_COMPARE to "nocase" in our configuration file, but we've got a gizmo that uses dacscheck for some things, and dacscheck doesn't read the configuration file.
Is there any way to tell dacscheck to do case insensitive comparisons for usernames? It looks like I could add "nocase" to every user entry in every ACL, but that seems like a pretty big hassle.
It appears that you are correct - at present there is no runtime way to globally change dacscheck's handling
of case sensitivity with respect to username comparisons. Explicitly specifying case-insensitive comparisons
in access control rules in every instance would be a pain and prone to error.
One solution is to add a command line flag to dacscheck to specify the setting for NAME_COMPARE,
and that will be done for the next release of DACS unless we come up with a better idea.
In the meantime, if you know that NAME_COMPARE can always safely be "nocase" in your deployment, you can
rebuild DACS to use "nocase" as the default value. This is easy to do. Edit include/local.h in the DACS distribution
DACS_NAME_CMP_DEFAULT = DACS_NAME_CMP_CASE
DACS_NAME_CMP_DEFAULT = DACS_NAME_CMP_NOCASE
Then "make clean" and "make install".
Be sure to test that this change does not break anything.
Thanks for your question.
Log in to post a comment.