The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Please Help!!! Authentication Problem!!!

Discussion in 'General Discussion' started by nitromax, Mar 1, 2002.

  1. nitromax

    nitromax Well-Known Member

    Joined:
    Feb 12, 2002
    Messages:
    189
    Likes Received:
    0
    Trophy Points:
    16
    Hello,

    I have several custom cgi scripts that will be accessible from within CPanel for each customer on the server (one of which is a file manager). I have created an area on the server called /cp-cgi and it's much like the /cgi-sys directory that CPanel uses, where I will put these custom cgi scripts.

    I initially had my file manager and a few other custom scripts in the /cgi-sys directory, but I found out that there was no authentication on this directory, and that you could basically type in any domain name that is setup on the server, followed by /cgi-sys/scriptname.cgi, and the file mananger would run on that domain with NO authentication. Basically anyone could access other customers accounts. Not a good thing!

    However I am trying to setup authentication on this /cp-cgi directory with no success...

    My goal is this... As long as the customer has alredy entered their username and password to enter CPanel they should be able to access this /cp-cgi directory with no problems and with no further authentication. But if you just typed into your browser a domain name followed by /cp-cgi/script.cgi the system should prompt you for a username and password for that domain.

    How do I do that? I tried several variations of the following in the httpd.con file, and also in an .htaccess file (minus the Directory statement) in that directory, but I couldn't get it to work:

    &Directory &/home/httpd/cp-cgi/&&
    AuthName &Control Panel&
    AuthType Basic
    AuthUserFile /etc/shadow
    AuthGroupFile /etc/group
    &Limit GET POST&
    require valid-user
    &/Limit&
    &/Directory&


    Any ideas of how I can get this to work correctly? Please help!!!
     
  2. haider

    haider Member

    Joined:
    Feb 25, 2002
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    help exchange offer...

    Hello Friend,

    I am also looking a way to somehow catch the cpanel password so that I can consolidate it with support sytem software but no success. If you know how to do it (as you look experienced) then please let me know....

    I also think that I can help you with the filemanager problem.

    THANKS.....!


    Regards,
    Haider Abbas







    [quote:281197469b][i:281197469b]Originally posted by nitromax[/i:281197469b]

    Hello,

    I have several custom cgi scripts that will be accessible from within CPanel for each customer on the server (one of which is a file manager). I have created an area on the server called /cp-cgi and it's much like the /cgi-sys directory that CPanel uses, where I will put these custom cgi scripts.

    I initially had my file manager and a few other custom scripts in the /cgi-sys directory, but I found out that there was no authentication on this directory, and that you could basically type in any domain name that is setup on the server, followed by /cgi-sys/scriptname.cgi, and the file mananger would run on that domain with NO authentication. Basically anyone could access other customers accounts. Not a good thing!

    However I am trying to setup authentication on this /cp-cgi directory with no success...

    My goal is this... As long as the customer has alredy entered their username and password to enter CPanel they should be able to access this /cp-cgi directory with no problems and with no further authentication. But if you just typed into your browser a domain name followed by /cp-cgi/script.cgi the system should prompt you for a username and password for that domain.

    How do I do that? I tried several variations of the following in the httpd.con file, and also in an .htaccess file (minus the Directory statement) in that directory, but I couldn't get it to work:

    &Directory &/home/httpd/cp-cgi/&&
    AuthName &Control Panel&
    AuthType Basic
    AuthUserFile /etc/shadow
    AuthGroupFile /etc/group
    &Limit GET POST&
    require valid-user
    &/Limit&
    &/Directory&


    Any ideas of how I can get this to work correctly? Please help!!![/quote:281197469b]
     
  3. SoftmegUK

    SoftmegUK Well-Known Member

    Joined:
    Feb 13, 2002
    Messages:
    372
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    UK
    [quote:86ba7b4a4e][i:86ba7b4a4e]Originally posted by haider[/i:86ba7b4a4e]

    Hello Friend,

    I am also looking a way to somehow catch the cpanel password so that I can consolidate it with support sytem software but no success. If you know how to do it (as you look experienced) then please let me know....

    I also think that I can help you with the filemanager problem.

    THANKS.....!


    Regards,
    Haider Abbas
    [/quote:86ba7b4a4e]

    If you could catch the CPanel passwords wouln't it be less secure?
     
  4. haider

    haider Member

    Joined:
    Feb 25, 2002
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    [quote:7c4063c42b][i:7c4063c42b]Originally posted by SoftmegUK[/i:7c4063c42b]

    If you could catch the CPanel passwords wouln't it be less secure?[/quote:7c4063c42b]


    No it will not be dear sofmeguk as I want to catch it in the script using special technique and there are many big sites that are catch the password without any security threats :)
     
  5. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Spain
    [quote:ec97cbc981][i:ec97cbc981]Originally posted by haider[/i:ec97cbc981]
    I am also looking a way to somehow catch the cpanel password so that I can consolidate it with support sytem software but no success. If you know how to do it (as you look experienced) then please let me know....
    [/quote:ec97cbc981]

    http://support.cpanel.net/obb/read.php?TID=1951
     
Loading...

Share This Page