On Mon, 2002-09-09 at 07:45, R P Herrold wrote: > On 9 Sep 2002, Gordon Messmer wrote: > > > On Mon, 2002-09-09 at 05:57, Chris Mason wrote: > > > I don't think PHP supports PAM authentication without patches, how would > > > you access the authentication system? > > > > Not to mention that it'd have to run as root to read /etc/shadow. > > Extracting a readible subset of /etc/shadow is quite do-able > by a cron process
...which basically negates the benefits of the shadow password file. LDAP, Kerberos, or (as you note) RADIUS are better options. > (similar to the redacted /var/ftp/etc/passwd > et al., which anon ftp uses in a chrooted daemon setup), and > then one authenticates potential users there ... Whose ftp server does that? I've never seen it. > There is working sample code in my 'PHP and the command line' > presentation at: > http://www.colug.net/notes/0208mtg/?c=authindex.php Nitpick: <head> <link REL="SHORTCUT ICON" HREF="/favicon.ico"> <title>The Central Ohio Linux User Group<br> <b>Warning</b>: Failed opening 'IPgreet.php' for inclusion (include_path='.:/usr/share/php') in <b>/home/COLUG/pubhtml/template/header.php</b> on line <b>13</b><br> </title> You should fix that. > > One could always switch to LDAP or Kerberos for authentication on the > > system, and access those from PHP (but not necessarily with PAM?). > > ummmm --- native radius support exists in PHP, albeit the last > time I used it, marked experimental Is it enabled in Red Hat's build? I don't see it documented here: http://www.php.net/manual/en/ -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
