Sent via Deja.com http://www.deja.com/
Before you buy.
a couple things:
(1) why not just use the standard .htaccess method. that's somewhat
more secure.
(2) a possible solution would be to have something in root's crontab
that puts the appropriate entries i.e. just the ones for users from
/etc/shadow into another file that is in a predetermined location which
your webserver can read. then things like the root password would not
easily be grabbed.
Coy
--
Coy Hile
hi...@cse.psu.edu
"Two roads diverged in a wood, and I-- / I took the one less traveled by,
And that has made all the difference." --Robert Frost
If you want to do this in a CGI, you could write a setuid-root program that
takes a username and password, and validates it using getspnam().
Another way is to let the web server do the authentication for you, by
creating a .htpasswd file that contains the encrypted passwords from
/etc/shadow. Make sure the .htpasswd file is only readable by the userid
that the web server runs as.
--
Barry Margolin, bar...@bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
> If you want to do this in a CGI, you could write a setuid-root program that
> takes a username and password, and validates it using getspnam().
>
> Another way is to let the web server do the authentication for you, by
> creating a .htpasswd file that contains the encrypted passwords from
> /etc/shadow. Make sure the .htpasswd file is only readable by the userid
> that the web server runs as.
Surely the questioner needs to be referred to the Apache FAQ and
the threatened loss of all unix guru points?
cheers