Authenticating against Linux User.

Hi,

I'm looking for a Tutorial about Authenticating using PHP and Linux User
Accounts. Can some one point me in the right direction?

Smitro

Smitro <nospam@myh0use.c0m> wrote:[color=blue]
> I'm looking for a Tutorial about Authenticating using PHP and Linux User
> Accounts. Can some one point me in the right direction?[/color]

That can be done at more than 1 level. If sasl is installed you coud use
http://www.phpclasses.org/sasl otherwise pam, or try to figure out how
the hashed passwd is stored and do the same encryption in php
(mcrypt/des/md5 (depends on system)). If the system is running imap/pop
for local users you could try to authentitcate against those services.

In article <42437e52$1@quokka.wn.com.au>, Smitro <nospam@myh0use.c0m>
wrote:
[color=blue]
> Hi,
>
> I'm looking for a Tutorial about Authenticating using PHP and Linux User
> Accounts. Can some one point me in the right direction?
>
> Smitro[/color]

First off, php is a scripting language which can be used to create
dynamic web sites. The web server can be used to do authentication
(i.e. htaccess), but php can be used in it's place to authenticate in
it's place. I'd start by reading up on sessions either on the web or in
your php books. http://shiflett.org/articles has lots of great articles.

You don't typically authenticate against a user account when accessing a
web site. What are you trying to do?

--
DeeDee, don't press that button! DeeDee! NO! Dee...

Michael Vilain wrote:[color=blue]
> In article <42437e52$1@quokka.wn.com.au>, Smitro <nospam@myh0use.c0m>
> wrote:
>
>[color=green]
>>Hi,
>>
>>I'm looking for a Tutorial about Authenticating using PHP and Linux User
>>Accounts. Can some one point me in the right direction?
>>
>>Smitro[/color]
>
>
> First off, php is a scripting language which can be used to create
> dynamic web sites. The web server can be used to do authentication
> (i.e. htaccess), but php can be used in it's place to authenticate in
> it's place. I'd start by reading up on sessions either on the web or in
> your php books. http://shiflett.org/articles has lots of great articles.
>
> You don't typically authenticate against a user account when accessing a
> web site. What are you trying to do?
>[/color]

I already have a mail server and other services all setup to use the
Linux users. I had a bit of a think about it, and I'm a think about it
since my last post and I have set it up to authenticating against the
mail server. I just need something that says yes they are a user of this
system or not. if so, display this page.. Think I've figured it all out
now, thanks for your help.

On Fri, 25 Mar 2005 14:15:51 +1000, Smitro wrote:
[color=blue]
> Michael Vilain wrote:[color=green]
>> In article <42437e52$1@quokka.wn.com.au>, Smitro <nospam@myh0use.c0m>
>> wrote:
>>
>>[color=darkred]
>>>Hi,
>>>
>>>I'm looking for a Tutorial about Authenticating using PHP and Linux User
>>>Accounts. Can some one point me in the right direction?
>>>
>>>Smitro[/color]
>>
>>
>> First off, php is a scripting language which can be used to create
>> dynamic web sites. The web server can be used to do authentication
>> (i.e. htaccess), but php can be used in it's place to authenticate in
>> it's place. I'd start by reading up on sessions either on the web or in
>> your php books. http://shiflett.org/articles has lots of great articles.
>>
>> You don't typically authenticate against a user account when accessing a
>> web site. What are you trying to do?
>>[/color]
>
> I already have a mail server and other services all setup to use the
> Linux users. I had a bit of a think about it, and I'm a think about it
> since my last post and I have set it up to authenticating against the
> mail server. I just need something that says yes they are a user of this
> system or not. if so, display this page.. Think I've figured it all out
> now, thanks for your help.[/color]

I think you need to do some more reading. Mail services may well use the
system services to authentigate against, but they do *not* provide
authentication services for anything.

Look at PAM, for example.

Steve

*** Smitro escribió/wrote (Fri, 25 Mar 2005 12:55:25 +1000):[color=blue]
> I'm looking for a Tutorial about Authenticating using PHP and Linux User
> Accounts. Can some one point me in the right direction?[/color]

I haven't tried myself but the "POSIX Functions" chapter in PHP manual
seems promising. Also, there're some user comments in the posix_getpwnam()
page:


"To check passwords on a Unix-box, look at the mod_auth_external module for
Apache, it uses external programs to do the real job. The server won't ever
read the encrypted password.
One of them, pwauth, can be configured to use PAM or whatever is used on
your system. Users that can run this program are configured at compile
time. And this program can be called from PHP with exec(...)."

"Use the PHP PAM module
http://www.math.ohio-state.edu/~ccunning/pam_auth/"



--
-+ Álvaro G. Vicario - Burgos, Spain
+- http://www.demogracia.com (la web de humor barnizada para la intemperie)
++ No envíes tu dudas a mi correo, publícalas en el grupo
-+ Do not send me your questions, post them to the group
--

Alvaro G. Vicario wrote:
[color=blue]
> *** Smitro escribió/wrote (Fri, 25 Mar 2005 12:55:25 +1000):[color=green]
>> I'm looking for a Tutorial about Authenticating using PHP and Linux User
>> Accounts. Can some one point me in the right direction?[/color]
>
>
> "To check passwords on a Unix-box, look at the mod_auth_external module
> for Apache, it uses external programs to do the real job. The server won't
> ever read the encrypted password.
> One of them, pwauth, can be configured to use PAM or whatever is used on
> your system. Users that can run this program are configured at compile
> time. And this program can be called from PHP with exec(...)."
>[/color]

No, although PAM can be used with an encrypted password, the dialog with the
user facing application would be very tricky to implement, and AFAIK has
never been done. Effectively, if you want to use PAM, you need to invoke it
with an un-encrypted password.

It should be possible to do a double challenge-hash to authenticate against
conventional /etc/passwd or /etc/shadow or even NIS password databases
without sending a cleartext password nor the system being vulnerable to
replay attacks (there's certainly a Javascript version of MD5, and a quick
google suggests crypt has been ported too).

It's rather an indirect solution though - SSL make life a lot simpler - then
just invoke the right PAM stack. There are a few stand-alone programs which
will do the PAM thing for you (but they're not that hard to write). There
used to be one shipped with squid.

HTH

C.