> > On session start the user sends his login name and the password for the > > remote account. I want to check the authenticity by something like > > trying to ssh into the remote account and immediately logout again. The > > unix user doing this is the owner of the apache process. > > > If this is the only time you'll ever want to authenticate users outside > of account login, this hack will work. If you want a solution that > scales (so that one day your users can be authenticated by mail and web > servers, web applications, anything...), use LDAP.
Thanx for your answers so far. I have to specify my situation more precisely: Working in the student represention of a university I'm implementing a printing service (a student make a selection of old exams and the like that will be treated as an order and printed out). Since all our students have a UNIX account in the university network we decided to not maintain user passwords on _our_ server but use the existing university accounts and "connect" them with our users. (The users don't have to remember one more password (for a relatively rarely used service) and we don't have to bother with the inevitable "I forgot my password.") Since I have no administrative access to the university servers LDAP doesn't seem to be an alternative. Given that ssh is the only access method in question is there any way (or ssh'ish program) to avoid the use of something like ExpectPy (expectpy.sourceforge.net)? Stony
