Possible to make dacscheck case insensitive?

  • EMS

    EMS - 2012-06-28

    Some of our users enter their passwords in all lowercase, others use all uppercase. Our authentication systems aren't case-sensitive, so they can all log in, but DACS is getting cranky.

    I fixed half of the problem by setting NAME_COMPARE to "nocase" in our configuration file, but we've got a gizmo that uses dacscheck for some things, and dacscheck doesn't read the configuration file.

    Is there any way to tell dacscheck to do case insensitive comparisons for usernames? It looks like I could add "nocase" to every user entry in every ACL, but that seems like a pretty big hassle.

  • Barry Brachman

    Barry Brachman - 2012-06-28

    It appears that you are correct - at present there is no runtime way to globally change dacscheck's handling
    of case sensitivity with respect to username comparisons.  Explicitly specifying case-insensitive comparisons
    in access control rules in every instance would be a pain and prone to error.

    One solution is to add a command line flag to dacscheck to specify the setting for NAME_COMPARE,
    and that will be done for the next release of DACS unless we come up with a better idea.

    In the meantime, if you know that NAME_COMPARE can always safely be "nocase" in your deployment, you can
    rebuild DACS to use "nocase" as the default value.  This is easy to do.  Edit include/local.h in the DACS distribution
    and change:
    Then "make clean" and "make install".
    Be sure to test that this change does not break anything.

    Thanks for your question.



Log in to post a comment.