squirrelmail authentication !!!
Hello everybody,
I have a intranet portal that gives all sorts of reports to my people. The setup is mysql+php+ apache. In this setup, I have created a mysql table for my users. In this table, I have everybody's uid,encrypted password, their privileges etc. When some fellow logins I take his password, and take out a md5 hash of it, and then compare the uid and this md5 hash with the ones saved in my table, and authenticate them. Once authenticated, I save the uid, and other tit bits of the user in PHP session variables, so that once autheticated the user can access all the allowed data on the site without logging in again.
So far so good.
Now I have started squirrelmail on my server. But here the users who can assess the server have to be created in the OS. So I have created all the users in my FC1. In my opinion creating users in OS is very crude,and probabely insafe.
Now It is very typical that my users have to seperately log in with altogether independent uids, and passwords for accessing the portal, and for accessing the squirrelmail server. This is indeed highly undesirable- once a user logs in he should be able to what ever he desires, without logging out and logging in with different uid and password. I believe there is a way by which the authentication can be centralised.
Any help !
Thanks in advance.
Prabhat Soni
|