LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-27-2009, 06:29 AM   #1
Karas
Member
 
Registered: Oct 2009
Distribution: Slackware 13.0
Posts: 49

Rep: Reputation: 15
Compare $string from PHP script to /etc/shadow file


I am trying to find a way for apache to compare a string to the passwords in the shadow file, so that I can use the same passwords for users linux accounts.

I've found that apache has no access to it, and so cat'ing the file and comparing the contents does not help, is there another more secure way of reading the contents the shadow file and comparing it a string sent from a webpage?
 
Old 11-27-2009, 06:48 AM   #2
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
lol evilhaxor detected!
do not do that please! don't mess with /etc/shadow in webserver. really don't.
 
Old 11-27-2009, 06:53 AM   #3
Karas
Member
 
Registered: Oct 2009
Distribution: Slackware 13.0
Posts: 49

Original Poster
Rep: Reputation: 15
Ok, thats why I am here....Looking for a way around it, I realised it's a daft thing to do really, exposing the shadow file to the web,...
 
Old 11-27-2009, 06:58 AM   #4
Karas
Member
 
Registered: Oct 2009
Distribution: Slackware 13.0
Posts: 49

Original Poster
Rep: Reputation: 15
What about copying the password contents to a mysql database?
 
Old 11-27-2009, 07:47 AM   #5
redgoblin
Member
 
Registered: Jun 2005
Location: UK
Distribution: Debian
Posts: 189

Rep: Reputation: 41
With Apache alone I can't see how you could. I had a quick google and come up with this for PHP so perhaps you could employ some PHP based session stuff.

http://allgeekallthetime.blogspot.co...cation-in.html

However, my gut instinct would be don't do it. You're opening your self upto a whole world of potential problems.
 
Old 11-27-2009, 08:18 AM   #6
Karas
Member
 
Registered: Oct 2009
Distribution: Slackware 13.0
Posts: 49

Original Poster
Rep: Reputation: 15
Ok, is that don't attempt to use the password file as a comparison for login, or don't attempt to change the password file via a webpage? Or both?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Updating a Shadow file password through a script DRiggs Linux - Security 1 06-24-2008 04:15 PM
Howto compare password in /etc/shadow blunt Linux - Server 5 04-18-2007 05:41 AM
Recursive diff ( File compare ) script sharathkv25 Programming 5 02-22-2007 08:39 AM
Script to compare file size nazs Programming 6 05-24-2006 10:10 AM
php read from file and compare. xushi Programming 11 07-14-2005 01:10 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration