I manage to find a thread about it but not much info given on how to go about it step by step.

I would like to build a login page.
I would like to use the shadow file in linux as the credentials.

This is what I would like to do:
Say, eg in the shadow file there is a user with:
username: root
password:qwerty

That means for the login to be successful, the user must type root;qwerty and the credentials entered
will be compared with the ones in the shadow file. If both matches, login is successful, else failed.

How can I do this using shadow? What about logging out? Do I need to to anything here (logging out)?

Is there a better way of doing this; ie building this login mechanism?
(Requirement:The username and password should not be stated in the php codes and password must be encrypted)

Hope someone can help me out and provide an example.

THanks a million.
James

    hi
    the shadow file has the following format:
    username:passwd:last:may:must:warn:expire:disable:reserved
    where passwd most times is encrypted with one of many available one-way-hashing functions...which is really depending on your system...most common are
    DES based with 2 character salt (first 2 characters of passwd are the salt, the rest is the encrypted passwd)
     md5 based OpenBSD crypt()
    * mixture of the above (where the magic $1$ identifies it as the non-DES-based )
    I use sha512 in my distri...
    you will find tons of variations...so see the manpage for shadow(3). read the source of the shadow suite your box uses to find out.
    I HIGHLY DISCOURAGE THIS IDEA OF YOURS. /NOBODY/ but root/shadow should be abled to open /etc/shadow, after all this is the reason why passwd shadowing exists, and the passwds are not stored in /etc/passwd. I really mean it
    regards

      Thanks for the advice.
      If this is the case, then what is the best way to go about this?

      My main requirement is that the username and password should not be in the PHP codes and that the password should be encrypted.
      That means only the person who created the password should know the password.

      If I use mysql to store the username and password, how should I go about this?

      Hope someone can help me out here.
      Thanks

        3 months later

        Did you ever find any secure way to do this? I want my users to be able to login to an SSL encrypted PHP page using their system (shadow) username and password. Surely there must be some secure way of doing this, no?

          Write a Reply...