Linux Authentication

Anon

I want to write a php script that will take in a user name & password and check if it is a valid Linux user.
Can this be done in php ?... or would I need to do it using shell scripts.

Id prefer php.

Thanks for any help.

[deleted]

"Can this be done in php"

Sure, just encrypt the password and compare it with the password in the server's password file.

But a script like that would be 'unsafe' to say the least. You're basically opeing up a 'mastermind' interface to your server's account files. Any hacker can try a brute force attack and all you'll notice is that your webserver is busier than normal (and not even that if the hacker is carefull)

Also, HTTP is plaintext, which means that the 'better than average' hacker can read-along with your webtraffic and filter out all the user's names and passwords, and he even gets a message to verify which passwords work and which don't.

Not smart.

Anon

But a script like that would be \'unsafe\' to
say the least. You\'re basically opeing up a
mastermind\' interface to your server\'s account
files. Any hacker can try a brute force attack

you could limit the amount of access attempts per period of time or restrict access to a given ip or ip range or password protect the function itself so it\'s invite only, or you could ban an ip from trying again in the future if they get 3 wrong in a row.... they\'re are a lot of ways to semi-secure this (although it is inherently a bad idea)

Also, HTTP is plaintext, which means that the
\'better than average\' hacker can read-along

well, there is ssl. it\'s designed to prevent that sort of thing 🙂

oh, and the passwords aren\'t in the passwd file... they\'re in /etc/shadow