The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Authenticate using cpanel username/passwords?

Discussion in 'General Discussion' started by exodar, Mar 10, 2007.

  1. exodar

    exodar Registered

    Joined:
    Mar 10, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    I did a search through the forums and didn't find anything that was relevant to what I am looking for, so I am posting a new thread.

    I am creating a web portal on my web hosting site for all of my clients to login to perform billing functions, change passwords, access their cPanel, etc. Is it possible to authenticate my clients against the cPanel username/password that was created for them when they signed up with me? I could maintain a separate database of usernames and passwords, but that will be far too confusing for the users to maintain a separate password for the portal than what they use to access their cPanel.

    Thanks in advance for any ideas!
    exodar
     
  2. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    Yes, it's possible; if you want to use the cpanel user and password, they're just plain old system users.

    The problem becomes how do you read and confirm the password information, and just how you solve that problem depends on whether you are a reseller or not.

    If you're a reseller, you're probably best writing a script to attempt a local FTP logon with the username and password. If you get in, you're authenticated and should record that in a session so you don't have to check again. Messy but will work.

    If you're not a reseller, I'd suggest writing a 10 line C program to check the password and return an exit status confirming whether the password was correct. The program would need to run as setuid root. You should be able to find something with a little googling! It does need to be setuid root as it needs to check the password file. It wouldn't do any harm for you to restrict usage of that program to your script userid so it can't be discovered at some point and used against you. Don't make the program give helpful error messages either!
     
  3. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    A quick and dirty solution I've used in the past was to do a POP3 authentication - essentially the same idea as the previous poster's idea of doing a FTP login. I'm not sure which is faster on your particular server(s), however POP3 seemed to work fairly quickly without us getting yelled at by the SysAdmin back when I was a web developer.
     
Loading...

Share This Page