[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-developers] password and user files

Subject: RE: [cobalt-developers] password and user files
From: "Steve Churcher" <Steve@xxxxxxxxxxxxxxx>
Date: Thu Oct 19 11:48:36 2000
List-id: Mailing list for developers on Cobalt Networks products <cobalt-developers.list.cobalt.com>

just to let those interested know, heres the answer and it works a treat,
thanks to Jonathan Michaelson:

Put the following perl script behind your .htaccess file. It's a bit of a
hack, but
produces the results on the Cobalt RaQs:

#!/usr/bin/perl
opendir (DIR, "/home/sites");
while ($file = readdir (DIR)) {
	$link = readlink ("/home/sites/$file");
	if ($link) {
		@levels = split (/\//,$link);
		$domains{$levels[-1]} = $file;
	}
}
closedir (DIR);
$user = $ENV{REMOTE_USER};
$shell = (getpwnam $user)[7];
if ($shell =~ /site\d+/) {$site = $&;} else {$site = "home";}
print "content-type: text/html\n\n";
print " User:[$user] Domain:[$domains{$site}]\n";
exit;

> -----Original Message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx]On Behalf Of Jeff Lasman
> Sent: 19 October 2000 04:35
> To: cobalt-developers@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-developers] password and user files
>
>
> Steve Churcher wrote:
>
> > Im trying to write a support section for our company which I
> want to only be
> > available to users of the server, so I have two questions:
> >
> > 1) Can I include an .htaccess file which uses the main password
> list for the
> > server for authorisation, if so does this maybe cause a
> security problem???
>
> Maybe I'm wrong, but I have a sneaky feeling the RaQs do this by
> default, if you don't include the "AuthPAM_Enabled off" line.
>
> > 2) when they have logged in, is there a way to find out what
> domain name the
> > username is linked to?
>
> I was about to say "Sure, easy, just grep and parse the /etc/passwd
> file" until I realized that apache has no idea who has logged in, only
> that someone has.  After all, apache is stateless; it's actually your
> browser that's handling the login.
>
> So you'd need a way for the user to handle his own login, then write a
> cookie to his machine with his site name.  Then read that cookie on
> every request where the site is important.
>
> BTW, this is very generic apache stuff, and there are sites much better
> suited for this kind of question.
>
> Jeff
> --
> Jeff Lasman <jblists@xxxxxxxxxxxxx>
> nobaloney.net
> P. O. Box 52672
> Riverside, CA  92517
> voice: (909) 787-8589  *  fax: (909) 782-0205
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>

References:
- Re: [cobalt-developers] password and user files
  - From: Jeff Lasman

Prev by Date: RE: [cobalt-developers] can't install RPM's
Next by Date: Re: [cobalt-developers] can't install RPM's
Previous by thread: Re: [cobalt-developers] password and user files
Next by thread: [cobalt-developers] unix mail accounts

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index