I'm trying to create a web-based login which authenticates against a Linux /etc/shadow file. Obviously, users who log into the website will have a shell account on the Linux server.
1. Doesn't Linux use MD5 password encryption?
2. HOw can I get my PHP script to access the /etc/shadow file which only has root readable permissions?
3. So I'll probabaly have to encrypt the user submitted password using md5() and string compare against the /etc/shadow. But first have to use regular expression utilities to pull the correct field out of /etc/shadow?
Am I on track? If anyone has already done this and would be willing to share war stories or hints, (or even CODE!!), I would be very much obliged!
Thank you,
Bryan Capitano
1. Doesn't Linux use MD5 password encryption?
2. HOw can I get my PHP script to access the /etc/shadow file which only has root readable permissions?
3. So I'll probabaly have to encrypt the user submitted password using md5() and string compare against the /etc/shadow. But first have to use regular expression utilities to pull the correct field out of /etc/shadow?
Am I on track? If anyone has already done this and would be willing to share war stories or hints, (or even CODE!!), I would be very much obliged!
Thank you,
Bryan Capitano