Authorise against the operating system

Anon

Hello,

I was wondering, is it possible to verify the authentication against the system, instead of a textfile or a database.
Let me give an example to explain myself :
When somebody authorises (using PHP_AUTH_USER) i want to let php check if this user (and his passwoord) is a valid user on the server on which php runs.

I do not want to create a textfile with all my passwords in, or put all the passwords in a database. I just want it to use the existing userbase of my server.

Secondary objective : let php verify this login/pass combination against a NT server (the PDC) on my network. (apache/php runs on a linux server)

Thanks for any insights you might give..

Liese De Vos

mithril

Regarding your secondary objective, you can only authenticate against an NT server if you're running IIS (and I think you can only authenticate against that actual server itself).

As for authenticating against the Linux box's userbase, I don't think that's possible either (but don't quote me on that). I can't imagine Apache/PHP being allowed that level of access to the primary system. That could open a pretty big hole for exploits.

-geoff

[deleted]

It's likely that both are possible, but the real question is: "Why would you ever want to do this?" and "Is it smart to do this?"

Firstly you'd be sending your system passwords accross unprotected http connections, not smart.

Secondly, you'd be allowing your webserver to access all password data on your system, which means any PHP script can access the passwords, which is a hacker's eldorado.

A forum, a FAQ, email notification, what else do you need?