PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

PHP and Classes
Making forms object-oriented
PHP & Java
Table types in MySQL: Part 2 - InnoDB Tables
Storing Binary Data In a DB

Re: [phplib] authentication via /etc/passwd From: Jon Gale (jgale <email protected>)
Date: 11/07/00

Next message: Marko Kaening: "RE: [phplib] phplib + apache + ssl -> problem solved, BUT WHY? (fwd)"
Previous message: Mitchell Hagerty: "Re: [phplib] authentication via /etc/passwd"
In reply to: Mitchell Hagerty: "Re: [phplib] authentication via /etc/passwd"
Next in thread: Jens Benecke: "Re: [phplib] authentication via /etc/passwd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mitchell,

I think my last email answered the question, but just to clarify: passwords
in /etc/shadow are UNIX crypt-ed. The first two characters of the encrypted
password is the "salt" (random characters to seed the crypt engine) that was
used to encrypt the password. Therefore all you have to do is crypt the
user supplied password with the same "salt" characters and compare the two
encrypted strings. If they match, you're golden!

Jon

Mitchell Hagerty wrote:

> What I was thinking was parsing the /etc/passwd /etc/shadow
> excluding root into a mysql table via a cron job. But im not
> sure how the actual compare would work and wanted to see if
> anyone else had tried something similiar. This way peoples
> network logins would work for the web and it would only take
> say 30 minutes after a changed passwd for a weblogin to
> work again.
>
> Thoughts?
>
> Mitch
> >
> > Hi Mitchell!
> >
> > > I've written my app to use phplib session handling
> > > but I would like to use the login/passwd in the
> > > /etc/passwd file for authentication.
> > >
> > > Any thoughts on how to do this? Had it been done?
> >
> > I don't think so, you could test this users very easy with a quick
> > POP3- or FTP-Login using native PHP-sockets. But if you mean REAL
> > /etc/passwd-checks (no /etc/shaddow) it's even more easy but what kind
> > of systems still use this method? To get access to shaddow you need
> > root-privileges and this will only be possible with IPC or
> > suid-root-binaries (a bad choice).
> >
> > Leif
> >
> > --------------------------------------------------------------------
> > -
> > To unsubscribe, e-mail: phplib-unsubscribe <email protected>
> > For additional commands, e-mail: phplib-help <email protected>
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: phplib-unsubscribe <email protected>
> For additional commands, e-mail: phplib-help <email protected>

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>

Next message: Marko Kaening: "RE: [phplib] phplib + apache + ssl -> problem solved, BUT WHY? (fwd)"
Previous message: Mitchell Hagerty: "Re: [phplib] authentication via /etc/passwd"
In reply to: Mitchell Hagerty: "Re: [phplib] authentication via /etc/passwd"
Next in thread: Jens Benecke: "Re: [phplib] authentication via /etc/passwd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]