|
Hi. Thank you very much! What I mean is that " PHP application send the password to the C CGI program which performs the authentication using PAM".My system-auth file is : #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nis password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so but what is it the different with the "does the user send the password to the C CGI program which performs the integration using PAM"? I think your method do make sense that I will use SSL to send the password to a CGI program ,and then the CGI program performs the authentication using PAM. But it happens at the user login. After login, I need save the username and password in the PHP session, and for security , I think I should save the hashed password with MD5 which can be sent back by CGI program. When user performs some operations on the PHP application , for security, I need to send the username and password to CGI program which will auth it again, and then do some operations, but at this time the password I sent is MD5 password , so i need C CGI program auth the MD5 password. I don't know how to do it or whether my method is correct. Thank you very much! Chu Qiu > From: inkubus@xxxxxxxxxxxxxxxx > To: pam-list@xxxxxxxxxx > Date: Wed, 21 Nov 2007 11:06:25 +0000 > Subject: re: How auth the md5 password using pam > > > I have developed a PHP application using PAM auth , and whose config > > file in the /etc/pam.d is : > > > > > > > > #%PAM-1.0 > > > > auth required pam_stack.so service=system-auth > > > > auth required pam_nologin.so > > > > account required pam_stack.so service=system-auth > > You may also want to post the contents of /etc/pam.d/system-auth, seeing > as this uses it. > > > I will send the username and password to a CGI program written by C > > language modules and PAM APIs. > Sorry; it's not clear (at least to me) what you mean. Does your PHP > application send the password to the C CGI program which then performs > the authentication using PAM. Or does the user send the password to the > C CGI program which performs the integration using PAM - if so what does > the PHP app have to do with it? > > > Now I want to encrypt the password with md5, and send username and the > > MD5 encrypted password to CGI . > Firstly MD5 is not encryption, it's a hashing algorithm. Secondly if > you want to communicate securely with a web application, either from > another web application or from a PAM module, then you need to do more > than just encrypt the password; look up TLS and SSL. > > > But I donʼt know how to modify my PAM config file to make it support > > auth the MD5 password. > By the sounds of it, if you are trying to communicate passwords between > applications (I'd also suggest that this is never a very secure nor > sensible way of doing things), then this has nothing to do with PAM. > > HTH > > Cheers, > - Martin > > > > _______________________________________________ > Pam-list mailing list > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list 用 Windows Live Spaces 展示个性自我,与好友分享生活! 了解更多信息! |
_______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
