On 9 Sep 2002, Gordon Messmer wrote: > On Mon, 2002-09-09 at 05:57, Chris Mason wrote: > > I don't think PHP supports PAM authentication without patches, how would > > you access the authentication system? > > Not to mention that it'd have to run as root to read /etc/shadow.
Extracting a readible subset of /etc/shadow is quite do-able by a cron process (similar to the redacted /var/ftp/etc/passwd et al., which anon ftp uses in a chrooted daemon setup), and then one authenticates potential users there ... There is working sample code in my 'PHP and the command line' presentation at: http://www.colug.net/notes/0208mtg/?c=authindex.php which was designed for use in a closed subnet -- Some hardening of variable checking, DoS and dictionary attack detectors and rate-limiters, and moving logging/notifications into the code would be needed if placed on the public internet-- they are external in the code fragment cited. > One could always switch to LDAP or Kerberos for authentication on the > system, and access those from PHP (but not necessarily with PAM?). ummmm --- native radius support exists in PHP, albeit the last time I used it, marked experimental -- Russ Herrold -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list