checking password

marianna

I want to use the same user name and password as people use to log on to the their UNIX stations for logging on to the tool I'm building.
How can I check the password?
Are there any specific variables or functions for this?

Thanks in advance,

Marianna Gheno

Anon

you can read /etc/shadow (but i doubt the apache user has the right to do so)

you can use an ldap authentification system for both system logging and php logging.

Anyway, do not use the same login/password for web auth and login auth if you dont use a ssl web server: people would be able to sniff login/pass value from web query and use them to log in.

marianna

well, first off, this is going to be an intranet tool on a small local server so we're not too concerned with hackers, but thanks for the info anyway

what's an "ldap authentification system"
(sorry if this is a dumb question, but i do not know)
how would i use it?

thanks,

Marianna

Anon

For more information about ldap have a look at

http://www.openldap.org/

It s a protocol that let you easily query and affect data in a tree structure.

It is ususally used to share common data for several authetification system (login,pop,database, whatever).

You can have your loggin authentifiaction use ldap and php may be able to read the same information (the initial trouble was php is not able to read /etc/shadow)

Another simple way would be to have a www-data readable copy of the shadow file, but i guess it would not be a good security issue.

By the way, ill intentionned people are often inside the organisation itself, so do not be too trustfull about intranet user.

Good luck

marianna

thanks for all the info - i'll check it out