Pat Regan on 20 Jan 2006 22:31:45 -0000



Re: [PLUG] Programmers: PAM Authentication through a web application?


Marc Zucchelli wrote:
> I am reinventing the wheel again: I am building a
> webhosting control panel, and I would like users to
> sign in with their FTP password.  I am trying to
> figure out the best way of accomplishing this.
> 
> 1.  I could keep an updated md5 hash of their password
> in a database that I can authenticate against.
> 
> 2.  I could set /etc/shadow to use md5 and
> authenticate against that; this way the password hash
> will only be stored in one place, which is good.  The
> only problem is that:
> echo "123456" | md5sum
> 
> gives me:
> 
> f447b20a7fcbf53a5d5be013ea0b15af
> 
> But an md5 password of 123456 in /etc/shadow looks
> more like this:
> 
> $1$IlxzSzzz$Iagtf0Kf88rsCAUXzUlKf1
> 
> How am I supposed to compare the two?

You shouldn't have to know how any of this is implemented, and you
probably should query against PAM.  I don't know what language you are
using, but this Perl module seems to be the sort of thing you should use:

http://search.cpan.org/~nikip/Authen-PAM-0.16/d/PAM.pm

Pat

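One way to follow the suggestion above, as an added example that is not part of the original message: let PAM verify the submitted login through Authen::PAM, so the application never parses or compares `/etc/shadow` hashes itself. The service name `webpanel`, the function name `pam_check_password` and the username pattern are assumptions; with `pam_unix`, the calling process also needs the privileges that module requires to check another account's shadow entry.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Authen::PAM;

# Assumption: /etc/pam.d/webpanel exists. The name is hypothetical; substitute
# whichever PAM service is configured for the control panel.
my $SERVICE = 'webpanel';

# Returns (1, '') on success or (0, reason) on failure.
# Log the reason server-side; show the user only a generic "login failed".
sub pam_check_password {
    my ($username, $password) = @_;

    # Assumed account-name policy: reject anything else before it reaches PAM.
    return (0, 'invalid username')
        unless defined $username && $username =~ /\A[a-z_][a-z0-9_-]{0,31}\z/;
    return (0, 'empty password')
        unless defined $password && length $password;

    # Conversation callback: PAM passes (type, message) pairs and expects
    # (status, answer) pairs back, followed by one overall status code.
    my $conv = sub {
        my @reply;
        while (@_) {
            my ($type, $msg) = (shift, shift);
            my $answer = '';
            $answer = $username if $type == PAM_PROMPT_ECHO_ON();
            $answer = $password if $type == PAM_PROMPT_ECHO_OFF();
            push @reply, PAM_SUCCESS(), $answer;
        }
        return (@reply, PAM_SUCCESS());
    };

    # On failure the constructor returns a numeric error code, not an object.
    my $pamh = Authen::PAM->new($SERVICE, $username, $conv);
    return (0, "PAM init failed with code $pamh") unless ref $pamh;

    # Verify the password, then confirm the account is allowed to log in
    # (not expired or locked).
    my $res = $pamh->pam_authenticate(0);
    $res = $pamh->pam_acct_mgmt(0) if $res == PAM_SUCCESS();

    return $res == PAM_SUCCESS() ? (1, '') : (0, $pamh->pam_strerror($res));
}

# Call from the login handler with the submitted form values:
#   my ($ok, $why) = pam_check_password($form_user, $form_pass);
```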

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug