Page 1 of 1

using crypt

Posted: Mon Oct 02, 2006 6:21 am
by miro_igov
Hello,

I'm trying to make a php script which adds user accounts into red hat system. There is a file called /etc/shadow in which the passwords and other data is saved. What is the encryption method of the passwords in this file ?

Posted: Mon Oct 02, 2006 6:42 am
by Jenk
Even if you were able to encrypt/decrypt directly to the file, your PHP/Apache process won't have access to it (or shouldn't)

Posted: Mon Oct 02, 2006 6:49 am
by volka
And the system could be configured to use pam for authentication. I really don't think you should edit this file.
Take a lok at http://www.google.de/search?&q=linux%20useradd
But if you're going to use useradd from a php script be really careful with the parameters.

Posted: Mon Oct 02, 2006 6:51 am
by miro_igov
Jenk wrote:Even if you were able to encrypt/decrypt directly to the file, your PHP/Apache process won't have access to it (or shouldn't)
Then how the control panels add email accounts ?

@volka it says useradd: command not found

Posted: Mon Oct 02, 2006 6:59 am
by volka
That's strange, http://www.mediacollege.com/linux/red-hat/useradd.html
Maybe /usr/sbin wasn't in PATH, maybe because the process wasn't root?

Posted: Mon Oct 02, 2006 7:48 am
by miro_igov
Well the process is not under the rot account. But i was able to change the permissions of the shadow file so the php account can write into it.

Is this a security weakness ?

Posted: Mon Oct 02, 2006 8:02 am
by Jenk
miro_igov wrote:
Jenk wrote:Even if you were able to encrypt/decrypt directly to the file, your PHP/Apache process won't have access to it (or shouldn't)
Then how the control panels add email accounts ?

@volka it says useradd: command not found
Email accounts do not require User Accounts at OS level.

Posted: Mon Oct 02, 2006 8:06 am
by miro_igov
So how an email account could be created ?

Posted: Mon Oct 02, 2006 9:02 am
by Jenk
Depends on the Mail Server software.

Posted: Mon Oct 02, 2006 10:40 am
by miro_igov
The hosting company said that there is no way to create email accounts without creating system users. They use VPS techology.

Posted: Mon Oct 02, 2006 11:18 am
by Jenk
I've never heard of, nor used VPS but I don't believe that for a second.

Is it a POP3 mail server?

Posted: Mon Oct 02, 2006 12:17 pm
by miro_igov
is there is a pop3 server. VPS is virtual private server.