Unix authentication thru web interface...


ste...@borgia.com

Apr 4, 2000, 3:00:00 AM
How can I allow users to log in to my web site using standard unix
accounts stored in /etc/passwd? Also, I am using shadow passwords.
Typically, I would use getpwnam in a cgi app to grab the user's
encrypted password, then encrypt the password that the user typed in on
the web page using the same salt from /etc/passwd. But with shadow, my
web server does not have access to /etc/shadow. To be most secure
about it, how can I validate a user who enters his user/pass combo into
a web page?
Thanks for any help!
Stefan Adams



Coy A Hile

Apr 4, 2000, 3:00:00 AM
In article <8cdi60$mdn$1...@nnrp1.deja.com>, <ste...@borgia.com> wrote:
>How can I allow users to log in to my web site using standard unix
>accounts stored in /etc/passwd? Also, I am using shadow passwords.
>Typically, I would use getpwnam in a cgi app to grab the user's
>encrypted password, then encrypt the password that the user typed in on
>the web page using the same salt from /etc/passwd. But with shadow, my
>web server does not have access to /etc/shadow. To be most secure
>about it, how can I validate a user who enters his user/pass combo into
>a web page?

A couple of things:

(1) Why not just use the standard .htaccess method? That's somewhat
more secure.

(2) A possible solution would be to have something in root's crontab
that puts the appropriate entries, i.e. just the ones for users, from
/etc/shadow into another file that is in a predetermined location which
your webserver can read. Then things like the root password would not
easily be grabbed.

Coy
--
Coy Hile
hi...@cse.psu.edu
"Two roads diverged in a wood, and I-- / I took the one less traveled by,
And that has made all the difference." --Robert Frost

Barry Margolin

Apr 4, 2000, 3:00:00 AM
In article <8cdi60$mdn$1...@nnrp1.deja.com>, <ste...@borgia.com> wrote:
>How can I allow users to log in to my web site using standard unix
>accounts stored in /etc/passwd? Also, I am using shadow passwords.
>Typically, I would use getpwnam in a cgi app to grab the user's
>encrypted password, then encrypt the password that the user typed in on
>the web page using the same salt from /etc/passwd. But with shadow, my
>web server does not have access to /etc/shadow. To be most secure
>about it, how can I validate a user who enters his user/pass combo into
>a web page?

If you want to do this in a CGI, you could write a setuid-root program that
takes a username and password, and validates it using getspnam().

Another way is to let the web server do the authentication for you, by
creating a .htpasswd file that contains the encrypted passwords from
/etc/shadow. Make sure the .htpasswd file is only readable by the userid
that the web server runs as.

--
Barry Margolin, bar...@bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
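
Added example, not part of any post in this thread: a sketch of the export step that both Coy Hile's suggestion (2) and Barry Margolin's .htpasswd suggestion describe, keeping only ordinary, unlocked accounts from /etc/shadow and writing them to an owner-only file. The UID threshold of 1000, the function names, the sample entries (constructed placeholders, not real hashes) and the premise that the web server can verify the hash format stored in /etc/shadow are assumptions of this example.

```python
import os
import tempfile

# Constructed sample data: placeholder accounts and hashes, not real ones.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/sh
bob:x:1002:1002:Bob:/home/bob:/bin/sh
carol:x:1003:1003:Carol:/home/carol:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTED$rootHashPlaceholder:11051:0:99999:7:::
daemon:*:11051:0:99999:7:::
alice:$6$CONSTRUCTED$aliceHashPlaceholder:11051:0:99999:7:::
bob:!$6$CONSTRUCTED$bobHashPlaceholder:11051:0:99999:7:::
carol::11051:0:99999:7:::
"""
MIN_UID = 1000  # assumption: ordinary user accounts start at this UID

def select_entries(passwd_text, shadow_text, min_uid=MIN_UID):
    """Return 'user:hash' lines for ordinary, unlocked accounts only."""
    uids = {}
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 3 and f[2].isdigit():
            uids[f[0]] = int(f[2])
    out = []
    for line in shadow_text.splitlines():
        user, _, rest = line.partition(":")
        pw = rest.split(":", 1)[0]
        # Drop root, system accounts, and names missing from passwd.
        if uids.get(user, -1) < min_uid:
            continue
        # Drop empty passwords and locked entries ('!' or '*' prefix).
        if not pw or pw[0] in "!*":
            continue
        out.append(f"{user}:{pw}")
    return out

def write_private(path, lines, owner_uid=None):
    """Write the export atomically; mkstemp creates the file mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        if owner_uid is not None:  # e.g. the web server's UID (needs root)
            os.fchown(fd, owner_uid, -1)
        f.write("".join(line + "\n" for line in lines))
    os.replace(tmp, path)
```

When run as root from cron against the real /etc/passwd and /etc/shadow, pass the web server's UID as `owner_uid` so that only that account can read the result. The exported hashes are then readable by anything that runs as that account.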

Alan J. Flavell

Apr 4, 2000, 3:00:00 AM
On Tue, 4 Apr 2000, Barry Margolin wrote:

> If you want to do this in a CGI, you could write a setuid-root program that
> takes a username and password, and validates it using getspnam().
>
> Another way is to let the web server do the authentication for you, by
> creating a .htpasswd file that contains the encrypted passwords from
> /etc/shadow. Make sure the .htpasswd file is only readable by the userid
> that the web server runs as.

Surely the questioner needs to be referred to the Apache FAQ and
the threatened loss of all unix guru points?

cheers

