>> Ok, here's the whole project, I have an openbsd box using authpf which >> uses authentication via ssh login. So, i'm trying to create a weblogin >> using php so people just have to enter their username/password (which >> would be a restricted unix account) to gain access to the internet. I >> have authpf all setup, but I'd like to add a web login to make it more >> user friendly. Thanks > > Ah, makes sense. Authorized_keys may be a good way to go. You may wish to > run an instance of ssh-agent as the Apache user, and create a single ssh > key for that user - importing the PID as an environment variable before > you run your exec() line ought to make it work. You may have some > difficulties keeping that ssh session open directly from PHP, though. > > I wonder whether you aren't subverting your network security somewhat, by > enacting strict controls (with authpf) and then routing around them with > an insecure web login. > > -mike.
Adding SSL to the mix would probably fix the insecure login part. -- --Matthew Sims --<http://killermookie.org> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
