login script and /etc/passwd

[leon]

Hello ,

I am trying to create a protected helpdesk for some user I have on my server . I want authorize only users on my /etc/passwd file.

With perl is quite easy using the Auth::PAM module however I am not safe with perl .....

so with php , what I have to do to create a login script , using the user and password available on /etc/passwd dir ?.

Thannk you

[Pim]

Hi Leon,

The easiest way is to create a user database and keep it seperate from the etc/password. And create a 'web user' and 'web helpdesk person' in linux as accounts. So all helpdesk personal will need to authorise themselves through db connection with user 'web helpdesk person' and normal account may login in using db user 'web user'.

Pim.

[Jay]

If you're using Apache you can use HTTP Authentication by adapting it to your own needs (getting the data from a database or whatever)

[leon]

Thank you all .

For Pim : do you have any idea of what I have to do to extract user and password from /etc/passwd to store it on a mysql database ?


For Jay : ... the problem is how to do to recognize user and password in /etc/passwd using php .

[Jay]

For Jay : ... the problem is how to do to recognize user and password in /etc/passwd using php .

Thats for you to work out depending how your user names and passwords are currently stored!

[leon]

For Jay : ... the problem is how to do to recognize user and password in /etc/passwd using php .

Thats for you to work out depending how your user names and passwords are currently stored!

red hat linux , store the user in /etc/passwd and password are shadowed .It means that the password are stored and enrypted in /etc/shadow .

So to create authentication with /etc/passwd is not easy as it seems ..


for example if /etc/passwd contains this line for user experiment....

experiment:x:32017:519::/home/experiment:/usr/local/cpanel/bin/noshell

(the 'x' after experiment means that the password is encrypted and stored on /etc/shadow)


....then /etc/shadow contains this line

experiment:LMQm2./MddWA.:11887::::::

So the encrypted password is LMQm2./MddWA .


So my question could be also this :
How to create php authentication using /etc/shadow file (however consider that /etc/shadow is accessible only from root , so the problem should be solved using /etc/passwd , I think... ) ?

[Pim]

I think you are choosing the wrong authorisation method!!

Do your authorisation with apache or maintain a database yourself.
Remember person does not logon to your machine itself the page that was loaded does. Therefor you don't need to keep track of your users as actual user accounts on your linux machine.

Pim

[leon]

I FOUND the solution in this way .

I created a cron which copy /etc/shadow in /etc/shadow2 .

shadow2 is readable so I can work with it .


With following code .......

Code: Select all


<?php
$user ='test';
$password ='testpwd';
$passwdFile='/etc/shadow2';

$users=file($passwdFile);

if (!$user=preg_grep("/^$userName/",$users))
{
    echo "User '$userName' not found!";
}
else

{

    list(,$passwdInDB)=explode(':',array_pop($user));
    if (crypt($userPasswd,$passwdInDB) == $passwdInDB)

    {
       echo "Password verified!";
    }

    else
    {
        echo "Passwords don't match!";
       
}
        }
       
     

?>



......I solve the problem , however there is still something wrong on it .

This line ...

Code: Select all

list(,$passwdInDB)=explode(':',array_pop($user));
if (crypt($userPasswd,$passwdInDB) == $passwdInDB)


should search the user ($user) and crypt the password after :

It works , but instead to get the $user it get the LAST user
in the list .


For example ... if the list contained in /etc/shadow2 is ;

useralfa:ZqrYf9Sia4xz6:11906::::::
userbravo:9IpB2JN0oVAUA:11912::::::
usercharlie:9IpB2JN0oVAUA:11912::::::

and I insert $user= 'userbravo';

the code crypt the user usercharlie instead of userbravo .
Can you find the error ?


thank you.