How auth the md5 password using pam
QiuChu
qiu.chu at hotmail.com
Thu Nov 22 01:17:54 UTC 2007
Hi. Thank you very much!
My system-auth file is :
#%PAM-1.0# This file is auto-generated.# User changes will be destroyed the next time authconfig is run.auth required /lib/security/$ISA/pam_env.soauth sufficient /lib/security/$ISA/pam_unix.so likeauth nullokauth required /lib/security/$ISA/pam_deny.soaccount required /lib/security/$ISA/pam_unix.soaccount sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quietaccount required /lib/security/$ISA/pam_permit.sopassword requisite /lib/security/$ISA/pam_cracklib.so retry=3password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow nispassword required /lib/security/$ISA/pam_deny.sosession required /lib/security/$ISA/pam_limits.sosession required /lib/security/$ISA/pam_unix.so
What I mean is that " PHP application send the password to the C CGI program which performs the authentication using PAM".
but what is it the different with the "does the user send the password to the C CGI program which performs the integration using PAM"?
I think your method do make sense that I will use SSL to send the password to a CGI program ,and then the CGI program performs the authentication using PAM.
But it happens at the user login. After login, I need save the username and password in the PHP session,
and for security , I think I should save the hashed password with MD5 which can be sent back by CGI program.
When user performs some operations on the PHP application , for security, I need to send the username and password to CGI program which will auth it again, and then
do some operations, but at this time the password I sent is MD5 password , so i need C CGI program auth the MD5 password.
I don't know how to do it or whether my method is correct.
Thank you very much!
Chu Qiu
> From: inkubus at interalpha.co.uk
> To: pam-list at redhat.com
> Date: Wed, 21 Nov 2007 11:06:25 +0000
> Subject: re: How auth the md5 password using pam
>
> > I have developed a PHP application using PAM auth , and whose config
> > file in the /etc/pam.d is :
> >
> >
> >
> > #%PAM-1.0
> >
> > auth required pam_stack.so service=system-auth
> >
> > auth required pam_nologin.so
> >
> > account required pam_stack.so service=system-auth
>
> You may also want to post the contents of /etc/pam.d/system-auth, seeing
> as this uses it.
>
> > I will send the username and password to a CGI program written by C
> > language modules and PAM APIs.
> Sorry; it's not clear (at least to me) what you mean. Does your PHP
> application send the password to the C CGI program which then performs
> the authentication using PAM. Or does the user send the password to the
> C CGI program which performs the integration using PAM - if so what does
> the PHP app have to do with it?
>
> > Now I want to encrypt the password with md5, and send username and the
> > MD5 encrypted password to CGI .
> Firstly MD5 is not encryption, it's a hashing algorithm. Secondly if
> you want to communicate securely with a web application, either from
> another web application or from a PAM module, then you need to do more
> than just encrypt the password; look up TLS and SSL.
>
> > But I donʼt know how to modify my PAM config file to make it support
> > auth the MD5 password.
> By the sounds of it, if you are trying to communicate passwords between
> applications (I'd also suggest that this is never a very secure nor
> sensible way of doing things), then this has nothing to do with PAM.
>
> HTH
>
> Cheers,
> - Martin
>
>
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
_________________________________________________________________
新一代的Windows Live 重装推出全新的七种武器!
http://get.live.cn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20071122/3b2c74aa/attachment.htm>
More information about the Pam-list
mailing list