Compare $string from PHP script to /etc/shadow file

Karas · 11-27-2009, 06:29 AM

I am trying to find a way for apache to compare a string to the passwords in the shadow file, so that I can use the same passwords for users linux accounts.

I've found that apache has no access to it, and so cat'ing the file and comparing the contents does not help, is there another more secure way of reading the contents the shadow file and comparing it a string sent from a webpage?

Web31337 · 11-27-2009, 06:48 AM

lol evilhaxor detected!

do not do that please! don't mess with /etc/shadow in webserver. really don't.

Karas · 11-27-2009, 06:53 AM

Ok, thats why I am here....Looking for a way around it, I realised it's a daft thing to do really, exposing the shadow file to the web,...

Karas · 11-27-2009, 06:58 AM

What about copying the password contents to a mysql database?

redgoblin · 11-27-2009, 07:47 AM

With Apache alone I can't see how you could. I had a quick google and come up with this for PHP so perhaps you could employ some PHP based session stuff.

http://allgeekallthetime.blogspot.co...cation-in.html

However, my gut instinct would be don't do it. You're opening your self upto a whole world of potential problems.

Karas · 11-27-2009, 08:18 AM

Ok, is that don't attempt to use the password file as a comparison for login, or don't attempt to change the password file via a webpage? Or both?