Re: [phplib] authentication via /etc/passwd From: Jon Gale (jgale <email protected>)
Date: 11/07/00

Mitchell,

If your passwords are shadowed (/etc/shadow) then you may have a
problem. Only the root user can read the /etc/shadow file so you would
have to use some sort of su wrapper to get at the shadowed passwords. If
your passwords are in fact in the /etc/passwd file (nis style) then you
can do something like this:

    $user = USERNAME SUBMITTED FROM FORM;
    $password = PASSWORD SUBMITTED FROM FORM;
    $autharray = file("/etc/passwd");

    for ($x = 0; $x < count($autharray); $x++)
    {
        if (eregi("^$user:", $autharray[$x]))
        {
            $passwd = explode(":", $autharray[$x]);
            $salt = substr($passwd[1],0,2);
            $cryptpw = crypt($pass,$salt);
            if ($cryptpw == $passwd[1])
                // Login OK
           else
                // Login failed
        }
    }

I got around the issue of shadowed passwords by creating a
/etc/passwd.httpd file from the /etc/passwd and /etc/shadow files each
night. Change the owner of this file to the webserver user (usually
nobody) and chmod it 0400. This gives you a bit of security on the new
file.

I can send you a PERL script that creates the /etc/passwd.httpd file if
you are interested.

Jon

Mitchell Hagerty wrote:

> I've written my app to use phplib session handling
> but I would like to use the login/passwd in the
> /etc/passwd file for authentication.
>
> Any thoughts on how to do this? Had it been done?
>
> Mitch
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: phplib-unsubscribe <email protected>
> For additional commands, e-mail: phplib-help <email protected>

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>