
authentication -- php/ shell script

Status
Not open for further replies.

sonun

IS-IT--Management
Dec 26, 2001
384
US
I have a web-page which I want to restrict to the users defined only in /etc/passwd. I run RH7.2 which stores usernames and their encrypted passwords. I am using php for the front-end of my web-page.
Is there a way of checking the username and password the user is made to enter in a pop-up or whatever against the existing accounts in the local password file or in the nis file?
I guess if I am using apache, there's the htaccess thing also, but I just wanted to get around the bother of having the users create another account for themselves and use the existing nis accounts.
Thanks.
 
If you are using RH7.2, unless you specifically disabled the feature, you are actually authenticating against /etc/shadow. And /etc/shadow is readable only by root. This is by design and a good idea.

There is mod_auth_pam available, but it requires that you change the group ownership of /etc/shadow and make Apache run as a member of that group. This weakens system security, but by how much is in debate. But here it is:

There's also mod_auth_external, which causes Apache to authenticate against an external program. You will have the overhead of having an external program's being invoked, but you can then run an app or script that has been suid-rooted to check /etc/shadow.
______________________________________________________________________
Perfection in engineering does not happen when there is nothing more to add.
Rather it happens when there is nothing more to take away.
 
Quality answer :)
***************************************
Party on, dudes!
[cannon]
 
I have disabled the shadow password feature !!
So it's just /etc/passwd for me.
Basically I think I can use a combination of grep, sed and awk to get the usernames and their encrypted passwords which would be in a file.
Then I would prompt the user to enter his username and password, which would then be compared against contents of the file (after encrypting the password entered of course). I know of this encoding feature in php. But I am not sure whether encode(password) will always be the same as encrypt(password).
Thanks.
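
The comparison discussed in the post above, as an added example that is not part of the original thread: a stored crypt hash carries its own salt, so the entered password has to be hashed with that same salt before the two strings are compared. It assumes MD5-crypt (`$1$`) entries; `findHash`, `verifyLogin` and the passwd contents are hypothetical and constructed for the illustration.

```php
<?php
// Added example. Constructed sample data in passwd(5) layout:
// name:hash:uid:gid:gecos:home:shell. The salt and password are made up.
$sampleHash = crypt('correct horse', '$1$Xy7kQ2pL$');   // MD5-crypt entry
$passwdText = "root:x:0:0:root:/root:/bin/bash\n"
            . 'alice:' . $sampleHash . ":500:500:Alice:/home/alice:/bin/bash\n"
            . "locked:!!:501:501::/home/locked:/bin/bash\n";

// Hypothetical helper: return the second field for $user, or null if absent.
function findHash(string $passwdText, string $user): ?string
{
    foreach (explode("\n", $passwdText) as $line) {
        $fields = explode(':', $line);
        if (count($fields) >= 7 && $fields[0] === $user) {
            return $fields[1];
        }
    }
    return null;
}

// Hypothetical helper: true only if $password reproduces the stored hash.
function verifyLogin(string $passwdText, string $user, string $password): bool
{
    $stored = findHash($passwdText, $user);
    // Reject unknown users and fields that are not hashes: "x" (hash is in
    // /etc/shadow), "*" or "!!" (locked), empty. A crypt hash is >= 13 chars.
    if ($stored === null || strlen($stored) < 13
        || $stored[0] === '!' || $stored[0] === '*') {
        return false;
    }
    // Passing the stored hash as the salt argument makes crypt() reuse the
    // same algorithm prefix and salt that produced it.
    $computed = crypt($password, $stored);
    // Constant-time comparison of the two hash strings.
    return hash_equals($stored, $computed);
}

var_dump(verifyLogin($passwdText, 'alice', 'correct horse')); // right password
var_dump(verifyLogin($passwdText, 'alice', 'wrong guess'));   // wrong password
var_dump(verifyLogin($passwdText, 'root', 'anything'));       // "x" placeholder
var_dump(verifyLogin($passwdText, 'locked', 'anything'));     // locked account
// Same password, different salt: the hash string is not the same.
var_dump(crypt('correct horse', '$1$Other123$') === $sampleHash);
```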
 
Instead of storing names and passwords in a text file you could consider the advantages of using mysql for your login authentication.

It's a tricky one having accounts already, but if they are only web based maybe moving wouldn't be so bad.

If they must stay as shell accounts, be as security conscious as possible.
***************************************
Party on, dudes!
[cannon]
 