Menu
▾
▴
Re: [webmin-l] How do webmin authenticates the users
|
From: Jamie C. <jca...@we...> - 2006-09-07 16:13:42
|
On 7/Sep/2006 00:36 Lei, Zhi Yong wrote ..
> Hi
> I have a question of how webmin check the user is legal or not.
> I installed webmin 1.290 source code
>
> I found that the server code (miniserv.pl) will call following code to
> generate the login web page:
> sub run_login_script
> {
> if ($config{'login_script'}) {
> system($config{'login_script'}.
> " ".join(" ", map { quotemeta($_) } @_).
> " >/dev/null 2>&1 </dev/null");
> }
> }
Actually, that function is for running a command after the user logs in.
It is not used by default, but was added to support sites that want to do
their own additional logging or whatever..
> now the case is I can't find where is the code in session_login.cgi to
> authenticate users.
> in another words: i cann't understand how did webmin switch from login
> page to the main page if the users if legal and corretly inputed
> username and password,
>
> the code in session_login.cgi :
> print "$text{'session_prefix'}\n";
> print "<form action=$gconfig{'webprefix'}/session_login.cgi
> method=post>\n";
> print "<input type=hidden name=page
> value='".&html_escape($in{'page'})."'>\n";
> print "<table border width=40%>\n";
> print "<tr $tb> <td><b>$text{'session_header'}</b></td> </tr>\n";
> print "<tr $cb> <td align=center><table cellpadding=3>\n";
>
> the above code shows that after the user click login , the corresponding
> cgi script is still session_login.cgi , but i can't find the
> authenticate code
> in this file .and i am confused :
> after executing the session_login.cgi , which cgi file will be executed
> immediatelly by webmin ?
session_login.cgi actually just generates the login page. The real code for
authentication users is in miniserv.pl, starting at line 1134. It checks
various password files, PAM and configuration settings related to allowed users..
- Jamie
|