Security Settings

The File Submission System
	Security Settings

These are security-related configuration variables.

UID_MIN In Makefile Configured by setup.pl
UID_MAX In Makefile Configured by setup.pl

These define a range of UID values for accounts which are allowed to use the system. Generally, these are user accounts rather than system accounts. The values of UID_MIN and UID_MAX should generally agree with those in /etc/login.def, which are the values obtained by setup.pl.

VALID_TIME In submit.conf

This is the amount of time in seconds that a web login is valid. After this amount of time, the user is asked to log in again before any operation will be performed. The current default in the distribution is 1800, which is half an hour.

MIN_PASS_LEN In submit.conf

The minimum length which the change password routine will accept. Currently defaults to a paltry 5 characters.

AUTH_LOG In submit.conf Configured by setup.pl
KEEP_SECURE In submit.conf
SUBM_SECURE In submit.conf
DLD_SECURE In submit.conf

These are boolean values (set as 1 or 0) which control whether the system uses HTTPS in various circumstances. If AUTH_LOG is set, the system uses HTTPS to transmit passwords when logging in. If KEEP_SECURE is set, the assignment editor will stay in encrypted mode. If DLD_SECURE is set, then the instructor's downloads of submitted files will be encrypted, and if SUBM_SECURE is set, the student's uploads are likewise protected. These are off by default, though the setup script will turn on AUTH_LOG if it thinks you are running HTTPS on your server.
To make any of these work, you must configure your web server to accept HTTPS connections. If you don't have HTTPS available, simply set all these to false, and the system will work fine, though passwords will be transmitted in plain. If you use both forms (if these variables are not all set the same), the submit system assumes both services are running on the same machine.

The File Submission System

Security Settings