Authenticating against Linux User.



I'm looking for a Tutorial about Authenticating using PHP and Linux User
Accounts. Can someone point me in the right direction?


Re: Authenticating against Linux User.



First off, php is a scripting language which can be used to create
dynamic web sites.  The web server can be used to do authentication
(i.e. htaccess), but php can be used in its place to authenticate.
I'd start by reading up on sessions either on the web or in
your php books. has lots of great articles.

You don't typically authenticate against a user account when accessing a
web site.  What are you trying to do?

DeeDee, don't press that button!  DeeDee!  NO!  Dee...

Re: Authenticating against Linux User.

Michael Vilain wrote:

I already have a mail server and other services all set up to use the
Linux users. I had a bit of a think about it since my last post, and I
have set it up to authenticate against the mail server. I just need
something that says yes they are a user of this system or not. If so,
display this page. Think I've figured it all out now, thanks for your
help.

Re: Authenticating against Linux User.

On Fri, 25 Mar 2005 14:15:51 +1000, Smitro wrote:


I think you need to do some more reading. Mail services may well use the
system services to authenticate against, but they do *not* provide
authentication services for anything.

Look at PAM, for example.


Re: Authenticating against Linux User.


That can be done at more than 1 level. If sasl is installed you could use otherwise pam, or try to figure out how
the hashed passwd is stored and do the same encryption in php
(mcrypt/des/md5 (depends on system)). If the system is running imap/pop
for local users you could try to authenticate against those services.

Re: Authenticating against Linux User.

*** Smitro escribió/wrote (Fri, 25 Mar 2005 12:55:25 +1000):

I haven't tried myself but the "POSIX Functions" chapter in PHP manual
seems promising. Also, there're some user comments in the posix_getpwnam()

"To check passwords on a Unix-box, look at the mod_auth_external module for
Apache, it uses external programs to do the real job. The server won't ever
read the encrypted password.
One of them, pwauth, can be configured to use PAM or whatever is used on
your system. Users that can run this program are configured at compile
time. And this program can be called from PHP with exec(...)."

"Use the PHP PAM module /"

-+ Álvaro G. Vicario - Burgos, Spain
+- (la web de humor barnizada para la intemperie)
++ No envíes tu dudas a mi correo, publícalas en el grupo
-+ Do not send me your questions, post them to the group

Re: Authenticating against Linux User.

Alvaro G. Vicario wrote:


No, although PAM can be used with an encrypted password, the dialog with the
user facing application would be very tricky to implement, and AFAIK has
never been done. Effectively, if you want to use PAM, you need to invoke it
with an un-encrypted password.

It should be possible to do a double challenge-hash to authenticate against
conventional /etc/passwd or /etc/shadow or even NIS password databases
without sending a cleartext password nor the system being vulnerable to
replay attacks (there's certainly a Javascript version of MD5, and a quick
google suggests crypt has been ported too).

It's rather an indirect solution though - SSL makes life a lot simpler - then
just invoke the right PAM stack. There are a few stand-alone programs which
will do the PAM thing for you (but they're not that hard to write). There
used to be one shipped with squid.
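
The pwauth route quoted earlier in the thread (an external helper that does the PAM check, called from PHP), as an added example that is not part of any poster's message. It uses proc_open() rather than exec() so the password goes to the helper on stdin instead of the command line. Assumptions: pwauth is installed at /usr/sbin/pwauth, the web server's user is permitted to run it, and check_system_login is a hypothetical name.

```php
<?php
// Added example: verify a Linux account password via the pwauth helper.
// Assumption: pwauth is installed at this path and the web server's user
// is one of the users permitted to run it (fixed at pwauth compile time).
const PWAUTH_BIN = '/usr/sbin/pwauth';

// Hypothetical helper name; returns true only if pwauth accepts the login.
function check_system_login(string $user, string $pass): bool
{
    // Conservative username allow-list; newlines would corrupt the
    // two-line stdin protocol, so reject them in both fields.
    if (!preg_match('/^[a-z_][a-z0-9_.-]{0,31}$/i', $user)) {
        return false;
    }
    if ($pass === '' || strpbrk($pass, "\r\n\0") !== false) {
        return false;
    }

    $spec = [
        0 => ['pipe', 'r'],              // credentials go in on stdin
        1 => ['file', '/dev/null', 'w'],
        2 => ['file', '/dev/null', 'w'],
    ];
    // Array form (PHP 7.4+) runs the binary directly, with no shell.
    $proc = proc_open([PWAUTH_BIN], $spec, $pipes);
    if (!is_resource($proc)) {
        return false;                    // fail closed if the helper is missing
    }

    // pwauth reads the login and the password from stdin, one per line,
    // so the password never appears in the process list.
    fwrite($pipes[0], $user . "\n" . $pass . "\n");
    fclose($pipes[0]);

    // Exit status 0 means the credentials were accepted.
    return proc_close($proc) === 0;
}

// Usage in a login handler; serve the form over HTTPS only.
session_start();
if (check_system_login($_POST['user'] ?? '', $_POST['pass'] ?? '')) {
    session_regenerate_id(true);         // avoid session fixation
    $_SESSION['user'] = $_POST['user'];
} else {
    http_response_code(401);
}
```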


