I am creating some sort of cPanel, and I want people to be able to log in using their Linux user. I installed the PAM extension, but it's functions aren't recognized/return nothing. Installing it using the pecl command does not work (some ./configure errors, I am not really in a mood to fix them).
I've also heard of a POSIX function you could use to return a user's encrypted password, but I'd rather not use it.
Permissions are no problem, I run this website as root (or I can give it the permissions it needs).

Thanks in advance,


Recommended Answers

All 18 Replies

right - lets figure out what you're doing...

So you are creating a cPanel, and people go to example.com, then login? Or is this just something for use yourself on your own machine?

Yes, the first one. I am sort of a webhost. My situation is more explained here. But that question is solved.

So you're just asking the same question again?

No, not at all. This is a complete different question. But in the other topic, my situation is more explained.

You need to make it crystal clear what you are using the cPanel for, and how you plan to develop it- because personally I'm a bit lost on what you're trying to do here.

I make a control panel to:

  • Create Virtual Hosts
  • Edit your website
  • etcetera

Every user who is going to use my control panel, has his own UNIX account. I want him to be able to log in using the credentials for that account.
Clear enough?

Right here we go...

So you are trying to install the PAM extension, but it doesn't seem to work? Are there any error messages at all? If not, I would try a blank file with the simplest working so you can check your code.

You are aware that you can run a cPanel on a server without any Unix/Linux accounts etc at all, because in theory you should be using the PHP file handling functions.

I am aware that I can run a control panel without any Linux accounts, but for the FTP, file permissions etc I already had to create an account. So then, I want to keep stuff simple, one account for everything. I will check for errors with the PAM extension, I'll post if I find some.

Show your code. Also PAM extension is working for you? You can install it also via apt:

sudo apt-get install php5-auth-pam

then try:

echo $error;

pam_auth() will return boolean true on login, otherwise you can display the errors by echoing the third argument &$error.

I get a 500 error. I am using the CGI PHP with Apache2.
My code:

<title>Web hosting panel</title>
$username = $_POST['username'];
$password = $_POST['password'];
echo 'user: ' . $username . ' pass: ' . $password . '<br>';

if(pam_auth($username, $password, $error)) {
        echo('auth success');
} else {

echo '<br>test'

A lot of debugging bullshit in this code.

Note the ampersand in my example: pam_auth('username','password',&$error); & is needed since the variable is passing by reference otherwise you get errors.

After this, if you still get errors check PHP and Apache log files, from there probably we can understand the nature of the problem.

Used the ampersand, got this error in the Apache2 log:

[Tue Apr 30 22:46:25 2013] [error] [client my.external.ip] PHP Fatal error:  Call to undefined function pam_auth() in /home/hostingpanel/www/hosting.example.com/panel.php on line 11, referer: http://hosting.example.com/

I got no 500, but there was no code interpreted after the if-then-else with the auth function.

It might be worth noting that I am running each VirtualHost on my server on it's own user (or well, the user of the domain's owner). So maybe (but I don't think so) my hostingpanel user has no permission for this.

Ok, probably the pam extension is not loaded by your php.ini file, so add it to the file:

sudo nano /etc/php5/cgi/php.ini

and add extension=pam_auth.so to the bottom of the file, then reload apache:

sudo service apache2 reload

and check if it works fine. You can also check it from phpinfo() or by running php -i |grep pam into the terminal, if pam is loaded it will output some information.

Ok, I did that, but it gives me the PAM error "Authentication failure".
I double-checked my password and I echoed it to the page, it is correct.
But when I try to use the username and password of the user the website is running on, it tells me it's correct! Do I have to give the webserver user some specific permission-like stuff?

right brilliant, now please mark as solved.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.