From owner-freebsd-questions  Thu Sep  7 11:51:49 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from kottan-labs.bgsu.edu (kottan-labs.bgsu.edu [129.1.133.123])
	by hub.freebsd.org (Postfix) with SMTP id CA33637B42C
	for <freebsd-questions@freebsd.org>; Thu,  7 Sep 2000 11:51:47 -0700 (PDT)
Received: (qmail 17245 invoked from network); 7 Sep 2000 18:54:39 -0000
Received: from m133-122.bgsu.edu (HELO gmx.net) (129.1.133.122)
  by kottan-labs.bgsu.edu with SMTP; 7 Sep 2000 18:54:39 -0000
Message-ID: <39B7E4B5.4EFAB779@gmx.net>
Date: Thu, 07 Sep 2000 14:55:49 -0400
From: Raoul Schroeder <memphis_ms@gmx.net>
X-Mailer: Mozilla 4.74 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-questions <freebsd-questions@freebsd.org>
Subject: PHP password authentication
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi,

I set up apache to run with SSL and PHP.
I would like it to be possible for the intranet users to authenticate
themselves against the standard FreeBSD passwd file.
Two questions:

a) is this a major security breach (I cannot imagine so, other than
being able to repeatedly try to authenticate, something which could be
controlled by using sessions, but then, i may be completely wrong)

b) is this doable and how?

Thanks a lot,

Raoul



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message