The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

protected support/knowledge base area (how to)

Discussion in 'General Discussion' started by Radio_Head, Aug 13, 2002.

  1. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    I am still searching to create a protected support area where
    my client may login with their user and password .


    I tried using following .htaccess

    ==============
    AuthType Basic
    AuthName &support area&
    AuthUserFile /etc/passwd

    require valid-user
    ==============

    but it doesn't work ...
    anyone can help me ?

    Thank you
     
  2. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    Use PAM (Pluggable Authentication Modules) also you can install mod_auth_pam

    I don't write an step by step guide because so many security issues are available and also so many nooks and crannies

    If you are familiar with security and PAM you can use it, by mixing PAM with PHP and Perl you could do whatever you want
     
  3. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    I’ve received a lot of requests regarding PAM (Pluggable Authentication Modules), helpdesk and protected directories using /etc/shadow passwords (system passwords)

    [b:ce2ae59cd8].htaccess with /etc/shadow passwords?
    How to protect directories using system passwords?
    [/b:ce2ae59cd8]
    You have to install mod_auth_pam Apache module you can find it here with all of its documents http://pam.sourceforge.net/mod_auth_pam/

    After installing this module Apache automatically will use mod_auth_pam for .htaccess
    Also you have to make a second copy of /etc/shadow file and chgrp it to nobody group to make it readable by Apache ([b:ce2ae59cd8]Attention: do not change group of /etc/shadow file directly make a second copy[/b:ce2ae59cd8])

    [b:ce2ae59cd8]WARNING: I do not recommend using mod_auth_pam due to its high security risks, because all of your local users have .htaccess file[/b:ce2ae59cd8]

    [b:ce2ae59cd8]How to use system passwords (/etc/shadow) for my helpdesk?[/b:ce2ae59cd8]

    PAM is accessible through programming languages like C, Perl, Python and even PHP and etc.
    With this methods (programming) it is not necessary to install mod_auth_pam module.
    For a list of complete PAM modules implemented in programming languages refer to http://www.kernel.org/pub/linux/libs/pam/

    In Perl use Auth::PAM (Perl module), you can easily check out valid system users even changing their passwords too. (read Auth::PAM details in the CPAN.org)

    [b:ce2ae59cd8]It is recommended to use programming techniques instead of mod_auth_pam module, [/b:ce2ae59cd8]also make sure that you know how to write secure programs (there are many guides and how-tos about developing secure programs)
     
  4. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    [quote:0368f82e31][i:0368f82e31]Originally posted by itf[/i:0368f82e31]

    I’ve received a lot of requests regarding PAM (Pluggable Authentication Modules), helpdesk and protected directories using /etc/shadow passwords (system passwords)

    [b:0368f82e31].htaccess with /etc/shadow passwords?
    How to protect directories using system passwords?
    [/b:0368f82e31]
    You have to install mod_auth_pam Apache module you can find it here with all of its documents http://pam.sourceforge.net/mod_auth_pam/

    After installing this module Apache automatically will use mod_auth_pam for .htaccess
    Also you have to make a second copy of /etc/shadow file and chgrp it to nobody group to make it readable by Apache ([b:0368f82e31]Attention: do not change group of /etc/shadow file directly make a second copy[/b:0368f82e31])

    [b:0368f82e31]WARNING: I do not recommend using mod_auth_pam due to its high security risks, because all of your local users have .htaccess file[/b:0368f82e31]

    [b:0368f82e31]How to use system passwords (/etc/shadow) for my helpdesk?[/b:0368f82e31]

    PAM is accessible through programming languages like C, Perl, Python and even PHP and etc.
    With this methods (programming) it is not necessary to install mod_auth_pam module.
    For a list of complete PAM modules implemented in programming languages refer to http://www.kernel.org/pub/linux/libs/pam/

    In Perl use Auth::PAM (Perl module), you can easily check out valid system users even changing their passwords too. (read Auth::PAM details in the CPAN.org)

    [b:0368f82e31]It is recommended to use programming techniques instead of mod_auth_pam module, [/b:0368f82e31]also make sure that you know how to write secure programs (there are many guides and how-tos about developing secure programs)[/quote:0368f82e31]

    Thank you itf ,

    solution 1 is easy (mod_auth_pam) but it doesn't seem safe :( .

    Solution 2 to protect the helpdesk is ok , however anyone has just written a perl login script which use the Auth::PAM module ?
    There is no solution using/writing a php login script which use user and password contained in /etc/passwd ?
     
  5. mikerayner

    mikerayner Well-Known Member

    Joined:
    Apr 10, 2002
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    ITF,

    Would you please reveal “support center” section of OBS/IBQ (online banking system) as a GNU software, it uses system passwords, crypt-passwd and mail-from techniques for auto detecting clients support requests and very helpful if it could be released as our helpdesk? This is what me, Radio_Head and so many others seeking for?
     
  6. mikerayner

    mikerayner Well-Known Member

    Joined:
    Apr 10, 2002
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
  7. itf

    itf Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    624
    Likes Received:
    0
    Trophy Points:
    16
    [quote:3f7051d9e4][i:3f7051d9e4]Originally posted by Radio_Head[/i:3f7051d9e4]

    Thank you itf ,

    solution 1 is easy (mod_auth_pam) but it doesn't seem safe :( .

    Solution 2 to protect the helpdesk is ok , however anyone has just written a perl login script which use the Auth::PAM module ?
    There is no solution using/writing a php login script which use user and password contained in /etc/passwd ?
    [/quote:3f7051d9e4]

    As I wrote in my last post PAM module is available for PHP too, refer to my last post

    MikeRayner,

    the answers are YES and NO, we've developed that software for a financial entity and it's a proprietorship software we can't release it exactly as you see, I think you need its helpdesk that we run in our company, please contact me directly; this is a public forum!!!
     
Loading...

Share This Page