We're working on an intranet site where we will require users to only
be able to access their own page in some instances. Rather than
introducing another password to the mix, we were thinking about seeing
if we could use the same credentials (username and password) as their
linux credentials. The web site will be running off of the same machine
that we want to access the credentials on.
Thanx!
-joltman
joltman,
> We're working on an intranet site where we will require users to only be able to access their own page in some instances. Rather than introducing another password to the mix, we were thinking about seeing if we could use the same credentials (username and password) as their linux credentials. The web site will be running off of the same machine that we want to access the credentials on.

I would advise against this as PHP/Apache would need read access to the
linux password file. Although it is possible. You would read the linux
password file with the usernames and passwords and use the same
algorithm for checking the passwords.
I forget exactly how the algorithm for checking works but you can do a
google search and find it.
Mike
joltman wrote:
> We're working on an intranet site where we will require users to only be able to access their own page in some instances. Rather than introducing another password to the mix, we were thinking about seeing if we could use the same credentials (username and password) as their linux credentials. The web site will be running off of the same machine that we want to access the credentials on.

The credentials (the user name and encrypted password) are available
for reading from Linux password file, /etc/password. If you know
what encryption is used on your Linux system and can reproduce it
with PHP, you should be able to authenticate against Linux' user
database.
As to being able "require users to only be able to access their own
page", this is going to be slightly more complicated. Usually, PHP
is configured as an Apache module, so any PHP application runs with
Apache's credentials. So you will have to either put access control
into your application logic or figure out a way to start your
application as a CGI program on behalf of a particular user...
Cheers,
NC
joltman <jo*****@geocities.com> wrote:
> We're working on an intranet site where we will require users to only be able to access their own page in some instances. Rather than introducing another password to the mix, we were thinking about seeing if we could use the same credentials (username and password) as their linux credentials. The web site will be running off of the same machine that we want to access the credentials on.

It's possible but like others have already stated: potentially dangerous
since apache needs to be able to read the password files (/etc/shadow in
most cases). So use with care: http://pam.sourceforge.net/mod_auth_pam/
joltman wrote:
> We're working on an intranet site where we will require users to only be able to access their own page in some instances. Rather than introducing another password to the mix, we were thinking about seeing if we could use the same credentials (username and password) as their linux credentials. The web site will be running off of the same machine that we want to access the credentials on.

Do the users log in via samba by any chance? If so, you might be able to
use something like winbind and htaccess to authenticate the users.
Obviously wouldn't work outside of the local samba network, though.
Well, they would be logging in from a Windows machine, if that would
work the same way as samba. It wouldn't be a problem only working in
the network, as that's the only place it will be used anyway.
joltman (jo*****@geocities.com) wrote:
: Well, they would be logging in from a Windows machine, if that would
: work the same way as samba. It wouldn't be a problem only working in
: the network, as that's the only place it will be used anyway.
I would try to find a unix utility that handles this for you.
I would suggest "su" but I don't know off hand how to pass in the password
without a tty (though I suspect it is possible, perhaps something like
"expect" could do it).
_IF_ you could use su, then you would simply use it with no further ado.
You would call it with the username and password to run a script that does
the work for the user. Either it works if the login is correct, or fails
if it isn't. In either case you would not need access to the password
file, or need to write much code as "su" already does all the work. If
you research then I suspect that there are other utilities that could be
used in a similar manner, the fact that none spring to my mind just means
I have a lousy memory.
If you do this then you would need to protect the passwords more carefully
though, because they would be more "valuable" since they access more stuff
than just a web page. That means using HTTPS so no one could snoop the
network and find people's passwords.
--
This space not for rent.
You shouldn't do that. It isn't secure at all.
Add a script to your system: when a new *nix user is created, then your
system can add the user to an .htpasswd file to be used with apache
mod_auth or something like that.
Or better, use a database, LDAP...
Mike Willbanks wrote:
> joltman,
>> We're working on an intranet site where we will require users to only be able to access their own page in some instances. Rather than introducing another password to the mix, we were thinking about seeing if we could use the same credentials (username and password) as their linux credentials. The web site will be running off of the same machine that we want to access the credentials on.
>
> I would advise against this as PHP/Apache would need read access to the linux password file. Although it is possible. You would read the linux password file with the usernames and passwords and use the same algorithm for checking the passwords.
> I forget exactly how the algorithm for checking works but you can do a google search and find it.

No it doesn't.
Linux, along with most flavours of *nix now implements PAM - (pluggable
authentication modules) these can be configured to authenticate using
old-fashioned /etc/passwd, shadow passwords, NIS[+], SMB, radius, kerberos
and more.
In order to access some of these resources (specifically shadow passwords)
the process must be running as 'root'. The process does not have to be
apache. It is fairly painless to create a suid program or daemon which
interfaces to PAM - there are a couple of GPL programs available for squid (a
web proxy) which do exactly this (although they are setup to process lots
of requests per invocation - a single one may be more appropriate). Try the
squid web pages for more info.
C.
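
The split described in the post above, where a separate privileged helper talks to PAM and the web process never reads /etc/shadow, could look like this on the PHP side. This is an added example, not code from any poster or project in the thread; the helper path, the username pattern and the line protocol (URL-encoded "user password" in, `OK` or `ERR` out) are assumptions.

```php
<?php
// Added example: PHP caller for a privileged credential-checking helper.
// Assumed (not from the thread): HELPER path, the username pattern, and a
// helper that reads one line "user password" (both URL-encoded) on stdin
// and prints "OK" or "ERR".
const HELPER = '/usr/local/libexec/pam_check';   // hypothetical path

function check_login(string $user, string $pass, array $helper = [HELPER]): bool
{
    // Refuse anything that cannot be a local account name before spawning
    // a process; adjust the pattern to the site's naming rules.
    if (!preg_match('/^[a-z_][a-z0-9_.-]{0,31}$/', $user) || $pass === '') {
        return false;
    }

    $spec = [
        0 => ['pipe', 'r'],                // helper's stdin
        1 => ['pipe', 'w'],                // helper's stdout
        2 => ['file', '/dev/null', 'w'],   // discard helper's stderr
    ];
    // Array form of proc_open (PHP >= 7.4) runs the helper without a shell,
    // and the credentials go over a pipe, never on the command line.
    $proc = proc_open($helper, $spec, $pipes);
    if (!is_resource($proc)) {
        return false;                      // fail closed
    }

    // URL-encoding stops a space or newline inside the password from being
    // read as a field or record separator by the helper.
    fwrite($pipes[0], rawurlencode($user) . ' ' . rawurlencode($pass) . "\n");
    fclose($pipes[0]);

    // Wait at most 5 seconds so a stuck helper cannot hang the request.
    $r = [$pipes[1]];
    $w = null;
    $e = null;
    $reply = stream_select($r, $w, $e, 5) > 0 ? fgets($pipes[1], 64) : false;

    fclose($pipes[1]);
    proc_terminate($proc);                 // harmless if it already exited
    proc_close($proc);

    // Only an exact "OK" counts; timeout, crash, or anything else is a denial.
    return $reply !== false && rtrim($reply) === 'OK';
}
```

After a successful check the application still has to store the username in the session and compare it with the page owner on every request, since PHP running as an Apache module does not change user.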
The only problem with that is that we are trying to avoid adding
another password to the mix, as most people already have 3 to deal with
(windows, e-mail, erp program)