I'm currently trying to expand my PHP driven intranet site for my company. It essentially functions as a bunch of miscellaneous reports and utilities that I've thrown together and linked to on the internal webserver. Whenever people keep wanting the same task done, I script it if at all possible and throw it up on the intranet page so people can accomplish their task without my help.

So far this is working great, but there are a handful of utilities that need to be restricted to just managers and such. Now, I know I could create a whole registration system to authenticate users like would be done on a public website, but frankly, that's a pain in the ass for everyone involved. All users already have a Linux user account on the same server as Apache, so I'm thinking it would be so much better if I could just make a login form that would authenticate users against their system usernames/passwords, and then examine their groups to see if they have the privileges to do what they are trying to do (in which case they would belong to the already existing "managers" group). If I can pull this off it seems like a win-win for everyone. Users don't have to register and remember/maintain/update another set of credentials, and I don't have to do anything extra when I want to add or remove users.

Is this at all possible? If there aren't any pre-existing libraries to do this, could I just do it the direct way and have PHP read in and process /etc/passwd, /etc/shadow, and /etc/group?

A: 

You will want to make sure Linux has LDAP on. PHP has lots of built-in functions for authenticating and such:

http://php.net/manual/en/book.ldap.php

ryber
Is this the only way? I don't use LDAP on our system because we are a small company, and this additionally appears to require that PHP be recompiled with LDAP support.
DWilliams
I'm sure there are other ways. LDAP is not such a heavy thing; I've implemented it for quite small groups, and it's not a big deal.
ryber
+4  A: 

To access Linux's authentication system directly, you could look at using the PAM module:

http://pecl.php.net/package/PAM

According to the docs, you need to configure PAM to allow PHP to access it. After that, you can call the pam_auth function to validate a username / password combination:

if (pam_auth($username, $password))
{
    // SUCCESS!!!
}
else
{
    // FAILURE :(
}
Chris AtLee
This is exactly what I need for logins. I got it working but have one remaining problem: what do I do about groups? How can I see whether or not a user belongs to a certain group with PHP? Is there a more elegant way than processing the output of system("groups $username")?
DWilliams
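
Added example (not part of the original thread or any poster's code): one way to check group membership without shelling out, using PHP's POSIX extension so the username never reaches a command line as it would with system("groups $username"). The form field names, the session keys and the username pattern are assumptions; pam_auth and the "managers" group come from the thread.

```php
<?php
declare(strict_types=1);

/**
 * Return true if $username belongs to the system group $group.
 * Lookups go through posix_getpwnam()/posix_getgrnam(), so no shell
 * is spawned and user input is never interpolated into a command.
 */
function user_in_group(string $username, string $group): bool
{
    // Conservative allow-list for account names (assumed local policy).
    if (!preg_match('/^[a-z_][a-z0-9_-]{0,31}$/', $username)) {
        return false;
    }

    $pw = posix_getpwnam($username);
    $gr = posix_getgrnam($group);
    if ($pw === false || $gr === false) {
        return false; // unknown user or group: deny by default
    }

    // Supplementary membership: the member list of the group entry.
    if (in_array($pw['name'], $gr['members'], true)) {
        return true;
    }

    // Primary membership: the gid in the passwd entry. Users whose
    // primary group is $group are usually absent from the member list.
    return $pw['gid'] === $gr['gid'];
}

// Login flow; the $_POST field names and session keys are hypothetical.
session_start();
$username = (string)($_POST['username'] ?? '');
$password = (string)($_POST['password'] ?? '');

if ($username !== '' && pam_auth($username, $password)) {
    session_regenerate_id(true);          // prevent session fixation
    $_SESSION['user'] = $username;
    $_SESSION['is_manager'] = user_in_group($username, 'managers');
} else {
    http_response_code(403);
    exit('Login failed');
}
```

Because the result is cached in the session, removing a user from the group takes effect at their next login; call user_in_group() on each restricted page instead if revocation must be immediate.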