Re: using PAM for authentication

From: William Ahern (william_at_wilbur.25thandClement.com)
Date: 04/22/04

• Next message: Barry Margolin: "Re: Shared memory and semaphore synchonization"
• Previous message: Rich Teer: "Re: Question about popen"
• In reply to: Reinhard Eilmsteiner: "Re: using PAM for authentication"
• Next in thread: Reinhard Eilmsteiner: "Re: using PAM for authentication"
• Reply: Reinhard Eilmsteiner: "Re: using PAM for authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: Thu, 22 Apr 2004 10:28:15 -0700

Reinhard Eilmsteiner <news-stuff@eilm.at> wrote:
> Hi!
>
> Do you really want to use operating system users within the web-service?
> LDAP should work with PHP (I just assume this) and you should be able to
> connect to the LDAP from PHP. Therefore you could have the users and the
> passwords within LDAP and call to it from your web-application.
>
> If you don't positively _need_ to use the operating system users for
> your web-application I strongly recommend to use different creditentials
> for security-, maintenance- and portability reasons.
>
> Reinhard.

I'd think a web application's security, maintenance and portability
characteristics would benefit *from* using OS services.

The trick is authorization, and you have to deal w/ that in any scheme so
why duplicate authentication services? One argument is that adding more
software which can see the passwd makes the passwd more vulnerable to
interception, but many (most? all?) people reuse passwds so that particular
point is moot in my book.

I'm curious about your take on the issue.

- Bill

---

• Next message: Barry Margolin: "Re: Shared memory and semaphore synchonization"
• Previous message: Rich Teer: "Re: Question about popen"
• In reply to: Reinhard Eilmsteiner: "Re: using PAM for authentication"
• Next in thread: Reinhard Eilmsteiner: "Re: using PAM for authentication"
• Reply: Reinhard Eilmsteiner: "Re: using PAM for authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Re: using PAM for authentication ... Do you really want to use operating system users within the web-service? ... LDAP should work with PHP and you should be able to ... passwords within LDAP and call to it from your web-application. ... (comp.unix.programmer) Re: [PHP] Authentification and LDAP (SSO / Single Sign-On) ... To use LDAP from within PHP you need to have a version of PHP with LDAP ... Sir Powys yn bersonol i'r awdur ac nid yw'n awdurdodedig gan y ... Any content that is not pertinent to Powys County Council business ... (php.general) Re: [PHP-WIN] Confused ... On 8/24/07, Gustav Wiberg wrote: ... > To get LDAP working in PHP for Windows, you first need to download the ... > ZIP package of PHP. ... >> PHP Windows Mailing List ... (php.general) Re: Accessing AD from UNIX machines ... I would like to write a small C/C++ program which would do this, like in case of Java, JNDI can be used to connect to AD using LDAP and then access the objects in AD. ... coupled but your question is more of an LDAP question than it is a ... PHP is actually a really nice language for UNIX scripting. ... (comp.protocols.kerberos) Re: [PHP] Php coding help - Newbie question ... > I am having a site in PHP which I need to ... > The site deals with modifying / adding / deleting entries in a LDAP dir. ... > user's login & passwd. ... I don't see any reason to store the passwd and validate against ldap on ... (php.general)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)