Please Help!!! Authentication Problem!!!

nitromax

Well-Known Member
Feb 12, 2002
189
0
316
Hello,

I have several custom cgi scripts that will be accessible from within CPanel for each customer on the server (one of which is a file manager). I have created an area on the server called /cp-cgi and it's much like the /cgi-sys directory that CPanel uses, where I will put these custom cgi scripts.

I initially had my file manager and a few other custom scripts in the /cgi-sys directory, but I found out that there was no authentication on this directory, and that you could basically type in any domain name that is setup on the server, followed by /cgi-sys/scriptname.cgi, and the file mananger would run on that domain with NO authentication. Basically anyone could access other customers accounts. Not a good thing!

However I am trying to setup authentication on this /cp-cgi directory with no success...

My goal is this... As long as the customer has alredy entered their username and password to enter CPanel they should be able to access this /cp-cgi directory with no problems and with no further authentication. But if you just typed into your browser a domain name followed by /cp-cgi/script.cgi the system should prompt you for a username and password for that domain.

How do I do that? I tried several variations of the following in the httpd.con file, and also in an .htaccess file (minus the Directory statement) in that directory, but I couldn't get it to work:

&Directory &/home/httpd/cp-cgi/&&
AuthName &Control Panel&
AuthType Basic
AuthUserFile /etc/shadow
AuthGroupFile /etc/group
&Limit GET POST&
require valid-user
&/Limit&
&/Directory&


Any ideas of how I can get this to work correctly? Please help!!!
 

haider

Member
Feb 25, 2002
14
0
301
help exchange offer...

Hello Friend,

I am also looking a way to somehow catch the cpanel password so that I can consolidate it with support sytem software but no success. If you know how to do it (as you look experienced) then please let me know....

I also think that I can help you with the filemanager problem.

THANKS.....!


Regards,
Haider Abbas







[quote:281197469b][i:281197469b]Originally posted by nitromax[/i:281197469b]

Hello,

I have several custom cgi scripts that will be accessible from within CPanel for each customer on the server (one of which is a file manager). I have created an area on the server called /cp-cgi and it's much like the /cgi-sys directory that CPanel uses, where I will put these custom cgi scripts.

I initially had my file manager and a few other custom scripts in the /cgi-sys directory, but I found out that there was no authentication on this directory, and that you could basically type in any domain name that is setup on the server, followed by /cgi-sys/scriptname.cgi, and the file mananger would run on that domain with NO authentication. Basically anyone could access other customers accounts. Not a good thing!

However I am trying to setup authentication on this /cp-cgi directory with no success...

My goal is this... As long as the customer has alredy entered their username and password to enter CPanel they should be able to access this /cp-cgi directory with no problems and with no further authentication. But if you just typed into your browser a domain name followed by /cp-cgi/script.cgi the system should prompt you for a username and password for that domain.

How do I do that? I tried several variations of the following in the httpd.con file, and also in an .htaccess file (minus the Directory statement) in that directory, but I couldn't get it to work:

&Directory &/home/httpd/cp-cgi/&&
AuthName &Control Panel&
AuthType Basic
AuthUserFile /etc/shadow
AuthGroupFile /etc/group
&Limit GET POST&
require valid-user
&/Limit&
&/Directory&


Any ideas of how I can get this to work correctly? Please help!!![/quote:281197469b]
 

SoftmegUK

Well-Known Member
Feb 13, 2002
372
0
316
UK
[quote:86ba7b4a4e][i:86ba7b4a4e]Originally posted by haider[/i:86ba7b4a4e]

Hello Friend,

I am also looking a way to somehow catch the cpanel password so that I can consolidate it with support sytem software but no success. If you know how to do it (as you look experienced) then please let me know....

I also think that I can help you with the filemanager problem.

THANKS.....!


Regards,
Haider Abbas
[/quote:86ba7b4a4e]

If you could catch the CPanel passwords wouln't it be less secure?
 

haider

Member
Feb 25, 2002
14
0
301
[quote:7c4063c42b][i:7c4063c42b]Originally posted by SoftmegUK[/i:7c4063c42b]

If you could catch the CPanel passwords wouln't it be less secure?[/quote:7c4063c42b]


No it will not be dear sofmeguk as I want to catch it in the script using special technique and there are many big sites that are catch the password without any security threats :)
 

Juanra

Well-Known Member
Sep 22, 2001
777
0
316
Spain
[quote:ec97cbc981][i:ec97cbc981]Originally posted by haider[/i:ec97cbc981]
I am also looking a way to somehow catch the cpanel password so that I can consolidate it with support sytem software but no success. If you know how to do it (as you look experienced) then please let me know....
[/quote:ec97cbc981]

http://support.cpanel.net/obb/read.php?TID=1951