Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??
      Would appreciate your thoughts on this.

My first thought is that from your description you seem to be going to a lot of effort to accomplish a simple task. In fact, IMHO you are going abou this backwards.

First I'd come up with the list of authorized users. Secondly I'd leave the Unix passwords out of the equation and use another repository to store authentication tokens other than /etc/password and/or /etc/shadow. In fact, if your Unix system has implemented shadow files (and most these days do) then you shouldn't be able to access /etc/shadow from your web application. If you can then you are introducing other security issues that I believe are beyond the scope of this discussion.

If you want the userids and passwords to match the account ids and passwords issued for Unix accounts then I'd say import them into another repository from Unix and let your application access them from there. Keeping your list of authorized uers then becomes just an excercise of importing just the users you need and leaving out the rest.

What repository you ask? Investigate .htpassword files for one, LDAP is a good solution and so might be putting the account data in a relational database.

The major drawback to importing the Unix account information that I can think of (besides wire snooping and other evil things) is password synchronization becomes an issue. So does user administration from the perspective of adds/changes/deletes.

If you are lucky enough that your company has standardized on something like LDAP for user authentication then your application should be able to access account logins from there. In fact whoever your LDAP administrator is can set up an ACL and group tailored to the list of who is authorized to use your application relieving you of that burden.

Just my US$0.02 worth.. HTH...


Peter L. Berghold -- Unix Professional
Peter -at- Berghold -dot- Net; AOL IM redcowdawg Yahoo IM: blue_cowdawg

In reply to Re: Unix Password for validation by blue_cowdawg
in thread Unix Password for validation by sara2005

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others learning in the Monastery: (3)
As of 2024-04-17 03:05 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found