LinuxQuestions.org - authentication user by /etc/shadow

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - authentication user by /etc/shadow (https://www.linuxquestions.org/questions/linux-security-4/authentication-user-by-etc-shadow-184040/)

Thomas23

05-21-2004 05:43 AM

authentication user by /etc/shadow

the etc/shadow - file contains user-info,
including the encrypted password.

I would like to make a website with authentication
with these useraccounts.

Doing this, the user has to write his username and password,
and a script has to compare these with the existing username
and encrypted password in the shadow-file.

Can anybody tell me how i can encrypt the written password
in the same way as it has been done before it was saved in the
shadow file?

Thanks,
Thomas

Capt_Caveman

05-21-2004 09:32 PM

Have you tried using Apache's htaccess + htpasswd? To my knowledge htpasswd can do md5sum and crypt() password encryption.

http://httpd.apache.org/docs-2.0/howto/htaccess.html
http://httpd.apache.org/docs/programs/htpasswd.html

BoldKiller

05-22-2004 10:52 AM

There is also an other solution. Debian has a nice Apache module called auth_shadow (or similar). It allows to use directly the /etc/shadow file for user authentication.

It seems to work fine. But, for security reason, you would need to use SSL to transmit the password. This is quite easy to do.

Hope this helps,

All times are GMT -5. The time now is 04:03 PM.