I’m trying to make a php program that will authenticate users based on if they have a userid on the system.\u00a0 In my environment my system has a number of users who can just ssh into the machine if they want.\u00a0 But I am trying to make some applications available via a web interface.<\/p>\n
I first saw this link and tried to explore the posix_getpwnam function.\u00a0 This looked promising, but unfortunately Linux puts the password in \/etc\/shadow so you can’t parse the hash that’s returned to do pattern matching.<\/p>\n
I also didn’t want to change any file permissions on the system.\u00a0 I saw a number of posts that suggested that approach.<\/p>\n
So I just did a simple expect script:<\/p>\n
lib\/passwdV.expect<\/p>\n
#!\/usr\/bin\/expect\r\n\r\nlog_user 0\r\n\r\nset argc [llength $argv]\r\nif { $argc != 2} {\r\n puts \"Usage: $argv0 \\[userid\\] \\[password\\]\"\r\n exit 1\r\n}\r\n\r\nset user [lindex $argv 0]\r\nset password [lindex $argv 1]\r\n\r\nspawn su $user -c true\r\n\r\nexpect \"Password:\"\r\nsend \"$password\\r\"\r\nexpect {\r\n \"su: incorrect password\" {\r\n exit 1\r\n }\r\n}\r\nexit 0<\/pre>\nNow I just take my calling script and pass the parameters in:<\/p>\n
exec(\"lib\/passwdV.expect $user $passwd\", $output, $rc);\r\n if($rc == '0'){\r\n echo \"You are logged in!!\\n\";\r\n }else{\r\n echo \"Login Failed!\\n\";\r\n }<\/pre>\nYou can then take the user and set the session logged in portion if you want.\u00a0 This is how I did it.\u00a0 This way I don’t need to store user information in a database since its already part of the system.<\/p>\n
There is still the security concern that when this exec happens the ps -ef output will actually print the password and userid.\u00a0 A better way would be to encode this. I hope to get back to this soon and fix it.<\/p>\n","protected":false},"excerpt":{"rendered":"
I’m trying to make a php program that will authenticate users based on if they have a userid on the system.\u00a0 In my environment my system has a number of users who can just ssh into the machine if they want.\u00a0 But I am trying to make some applications available via a web interface. I…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[920,23,24],"tags":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/26"}],"collection":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=26"}],"version-history":[{"count":1,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/26\/revisions"}],"predecessor-version":[{"id":27,"href":"https:\/\/benincosa.com\/index.php?rest_route=\/wp\/v2\/posts\/26\/revisions\/27"}],"wp:attachment":[{"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=26"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=26"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/benincosa.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=26"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}