So I'm looking for a way to authenticate users on a un*x host via a web interface. So far, the best solution (in my opinion anyway) is to authenticate them with there system login and password. To do that I need to be able to read the passwd file (not a problem) but also the shadow file. Since the shadow file is readable only by root, this creates a problem.
Now, I've thought about making the script suid root, but that kinda sucks, and I've thought about the apache suid stuff, and I would rather not do that either.
I guess the real question is, have any of you figured out another way to authenticate users. Right now, I'm thinking I could use pop3 as an auth mechanism, I'll just need to find pop function libraries (or write them). Idealy, I guess I would want to make the script similar to a lot of unix progs... For instance, make the script suid root, and then change it's permissions to the user level perms once login has occured. Though i still don't like the idea of doing an suid script...
thanks
pat
