PHP authenticate against Linux /etc/shadow

[capitano]

I'm trying to create a web-based (PHP)login which authenticates against a Linux /etc/shadow file. Users who log into the website will have a shell account on the Linux server.

1. Doesn't Linux use MD5 password encryption?
2. HOw can I get my PHP script to access the /etc/shadow file which only has root readable permissions?
3. I know MD5 is a "one-way" hashing algorithm. So I'll probabaly have to encrypt the user submitted password using md5() and string compare against the /etc/shadow. But first have to use regular expression utilities to pull the correct field out of /etc/shadow?

Am I on track? If anyone has already done this and would be willing to share war stories or hints, (or even CODE!!), I would be very much obliged!

Thank you,

Bryan Capitano

 

[marsd]

Some people would consider shadow access like this a
big problem. Fist you would need a process that has root
privileges at some point.
A core dump splashes your encrypted passwords somewhere..
race condition gives someone root.., etc..
These things are possible.

You could just create a flat file and generate a name:
password match for all the users on your system using a
cipher of your choice. Like .htaccess files. It would
be much simpler and less dangerous.

My .02 cents