Authentification agains /etc/shadow

bundschuh

Is it possible, to authentificate a user against the local linux-password-file (e.g. /etc/shadow) ?
PAM ?

michael

Originally posted by bundschuh
Is it possible, to authentificate a user against the local linux-password-file (e.g. /etc/shadow) ?
PAM ?

Yes, however, this is an extremely poor idea. Most versions of Solaris and Linux opt for MD5. In order to even view the MD5, you must have root access.

Thus, your process accessing the file must have root access (and your PHP programme.) This is an extremely poor solution.

Instead, create a program to import your shadow file into a PHP table. Run this program only from the server. (SSH.) Copy the MD5's verbaitim. They are usually 32-34 characters.

Authenticate against that.

Michael

hep

Hello,

I am also interested about this.
I didn't really understand hwou you can do this.

Gimme please an example.

Thanks
Hep
hep@arelec.ch

michael

I would set up a programme to synchronize the data pools. In short, write a programme (which will run at the root level) to parse the shadow file and input the listings to your SQL database.

I take back my earlier statement. In lieu of MD5 (because they are insecure) use SHA-1.

More details here:
http://www.mysql.com/doc/en/Miscellaneous_functions.html

I would then write the login and logout scripts as per usual, comparing against the SHA-1. Use HTTPS/SSL if possible.

Michael