HOME Community Articles Code Library People Mail Archive My Account Contribute PHP Jobs

Open Source Database Feature Comparison Matrix Try Declarative Programming with Annotations and Aspects Locate All Stored Procedures and Their Objects/SQL Tables Building a Stored Procedure Generator Making Tables Read-only in Oracle

24-hour Support Daily Backup Dedicated Servers JSP/Java Servlets PHP MySQL Streaming Audio/Video Telnet/SSH Unix Hosting 24-hour Support

From: Leif Jakob (jakob <email protected>)
Date: 05/24/00

• Next message: Michael Freund: "[phplib] Problem with $sess->add_query"
• Previous message: Rex Byrns: "[phplib] extending OOHforms?"
• In reply to: Joern Muehlencord: "[phplib] Session und login password"
• Next in thread: Kirk Ismay: "Re: [phplib] Session und login password"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, May 24, 2000 at 10:55:20AM +0200 Joern Muehlencord wrote:

> Date: Wed, May 24, 2000 at 10:55:20AM +0200
> From: Joern Muehlencord <jomu <email protected>>
> To: To phplib <email protected>
> Subject: [phplib] Session und login password

Hi List!

> How can make the linux system password and the phplib session password
> work together.
> Any ideas?

You probably know what you are doing because this could include some
serious security problems...

Write a homebrew PAM-Module (you can get a sceleton from me) that reads
special password-files like: /etc/passwords/<username>

That file includes just a MD5-Hash of the password. You maybe want
to write some SUID-somebody wrappers to check passwords and use the
syslog-facility? Checking and Changing is done from this wrappers
(donīt even have to run as root depending of /etc/passwords-perms).
The advantage of this concept is that you canīt have any
runtime-exploits (just ONE file could crash) and it's quite easy
to implement.
Disadvantage: If you use MD5 you canīt convert existing crypt-passwords.

The PHP-Part is easy: check/modify passwords with the wrappers (pipe
passwords in there - DON'T-USE CMDLINE) - you just have to switch
from SQL-SELECT-Auth to some external auth.

Leif Jakob
Internet Solutions

--
################################################################
# FAX/Voice : +49-251-211236 | Mobil : +49-173-4843986         #
# To get my PGP-Key send     | Admin of www.weite-welt.com     #
# message with subject :     | Visit my private homepage:      #
# GETPGPKEY                  | http://www.jakob.weite-welt.com #
################################################################
This mail was composed on a 100% M$ free system - Linux rules.
If a system ain't broke, it doesn't have enough featues yet.
---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>

• Next message: Michael Freund: "[phplib] Problem with $sess->add_query"
• Previous message: Rex Byrns: "[phplib] extending OOHforms?"
• In reply to: Joern Muehlencord: "[phplib] Session und login password"
• Next in thread: Kirk Ismay: "Re: [phplib] Session und login password"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]