On 9 Sep 2002, Gordon Messmer wrote:

> On Mon, 2002-09-09 at 05:57, Chris Mason wrote:
> > I don't think PHP supports PAM authentication without patches, how would
> > you access the authentication system?
> 
> Not to mention that it'd have to run as root to read /etc/shadow.

Extracting a readible subset of /etc/shadow is quite do-able
by a cron process (similar to the redacted /var/ftp/etc/passwd
et al., which anon ftp uses in a chrooted daemon setup), and
then one authenticates potential users there ...

There is working sample code in my 'PHP and the command line' 
presentation at:
    http://www.colug.net/notes/0208mtg/?c=authindex.php 

which was designed for use in a closed subnet -- Some
hardening of variable checking, DoS and dictionary attack
detectors and rate-limiters, and moving logging/notifications
into the code would be needed if placed on the public
internet-- they are external in the code fragment cited.

> One could always switch to LDAP or Kerberos for authentication on the
> system, and access those from PHP (but not necessarily with PAM?).

ummmm --- native radius support exists in PHP, albeit the last
time I used it, marked experimental

-- Russ Herrold



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list

Reply via email to