joltman，

我们正在开发一个我们需要的内部网站点用户只能在某些情况下访问自己的页面。我们考虑的是，如果我们可以使用相同的凭据（用户名和密码）作为他们的
linux凭据，而不是在混合中引入另一个密码。该网站将运行在我们想要访问凭证的同一台机器上。

We''re working on an intranet site where we will require user''s to only
be able to access their own page in some instances. Rather than
introducing another password to the mix, we were thinking about seeing
if we could use the same credentials (username and password) as their
linux credentials. The web site will be running off of the same machine
that we want to access the credentials on.

我建议不要这样做，因为PHP / Apache会需要读取访问

linux密码文件。虽然有可能。您将使用用户名和密码阅读linux

密码文件，并使用相同的

算法来检查密码。


我确切地忘记了检查算法是如何工作的，但你可以做一个

谷歌搜索并找到它。


Mike

I would advice against this as PHP/Apache would need read access to the
linux password file. Although it is possible. You would read the linux
password file with the usernames and passwords and use the same
algorithm for checking the passwords.

I forget exactly how the algorithm for checking works but you can do a
google search and find it.

Mike

joltman写道：

joltman wrote:

我们正在内部网站上工作，我们将要求用户'
只能访问他们自己的网站在某些情况下的页面。我们考虑使用相同的凭据（用户名和密码）作为他们的
linux凭证，而不是在混合中引入另一个密码。该网站将运行我们想要访问凭据的同一台
机器。

We''re working on an intranet site where we will require user''s to only be able to access their own page in some instances. Rather than
introducing another password to the mix, we were thinking about seeing if we could use the same credentials (username and password) as their
linux credentials. The web site will be running off of the same machine that we want to access the credentials on.

凭据（用户名和加密密码）从Linux密码文件/ etc /密码中读取可用的
。如果您知道在Linux系统上使用了什么加密并且可以使用PHP重现它，那么您应该能够对Linux的用户进行身份验证

数据库。


至于能够要求用户只能访问他们自己的

页面，这将是略有的更复杂。通常，PHP

被配置为Apache模块，因此任何PHP应用程序都使用

Apache的凭据运行。因此，您必须将访问控制

放入您的应用程序逻辑中，或者找出一种方法来代表特定用户将您的

应用程序作为CGI程序启动。 。


欢呼，

NC

The credentials (the user name and encrypted password) are available
for reading from Linux password file, /etc/password. If you know
what encryption is used on your Linux system and can reproduce it
with PHP, you should be able to authenticate against Linux'' user
database.

As to being able "require users to only be able to access their own
page", this is going to be slightly more complicated. Usually, PHP
is configured as an Apache module, so any PHP application runs with
Apache''s credentials. So you will have to either put access control
into your application logic or figure out a way to start your
application as a CGI program on behalf of a particular user...

Cheers,
NC

joltman< jo *** **@geocities.com>写道：

joltman <jo*****@geocities.com> wrote:

我们正在内部网站上工作，我们将要求用户在某些情况下只能访问自己的页面。我们考虑的是，如果我们可以使用相同的凭据（用户名和密码）作为他们的
linux凭据，而不是在混合中引入另一个密码。该网站将运行在我们想要访问凭证的同一台机器上。

We''re working on an intranet site where we will require user''s to only
be able to access their own page in some instances. Rather than
introducing another password to the mix, we were thinking about seeing
if we could use the same credentials (username and password) as their
linux credentials. The web site will be running off of the same machine
that we want to access the credentials on.

这是可能的但是像其他人一样已经陈述：潜在危险

因为apache需要能够读取密码文件（/ etc / shadow在

大多数情况下）。因此请谨慎使用： http://pam.sourceforge.net/mod_auth_pam/

It''s possible but like others have already stated: potenitally dangerous
since apache needs to be able to read the password files (/etc/shadow in
most cases). So use with care: http://pam.sourceforge.net/mod_auth_pam/