Old 08-14-2006, 06:25 PM   #1
exodist
Senior Member
 
Registered: Aug 2003
Location: Portland, Oregon
Distribution: Arch
Posts: 1,374

Rep: Reputation: 47
howto: verify a user/pass at the shell prompt.


I am writing a program, users need to have a valid account on the system to use the program, so in short they give the program their username and password, the program then needs to verify the account is a valid system account, and verify the password is the correct password for that system account.

I am writing this script in perl, but might end up doing similar in php, both can issue shell commands, so I would like it to be a command I can run at the shell prompt. Anyone know how to accomplish this?

I have been searching like mad all over the place and I am guessing I simply lack the understanding necessary to formulate a proper search string.
 
Old 08-15-2006, 03:21 AM   #2
cdhgee
Member
 
Registered: Oct 2003
Location: St Paul, MN
Distribution: Fedora 8, Fedora 9
Posts: 513

Rep: Reputation: 30
Any reason why you can't use sudo and echo in the username and password?
 
Old 08-15-2006, 03:24 AM   #3
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Quote:
Originally Posted by exodist
I am writing a program, users need to have a valid account on the system to use the program, so in short they give the program their username and password, the program then needs to verify the account is a valid system account, and verify the password is the correct password for that system account.
So basically you want your code to authenticate users against already existing system accounts. Am I right?

Quote:
Originally Posted by exodist
I am writing this script in perl, but might end up doing similar in php, both can issue shell commands, so I would like it to be a command I can run at the shell prompt. Anyone know how to accomplish this?
Hmm...not quite clear...Do you mean...
Code:
arvind# ./code

Quote:
Originally Posted by exodist
I have been searching like mad all over the place and I am guessing I simply lack the understanding necessary to formulate a proper search string.

Okay...this might help...

Code:
grep arvind /etc/passwd
will check if the username "arvind" is a valid account or not..

Checking if the pwd is correct may not be that simple though...as passwords are shadow encrypted in Linux. You might want your code to automatically take user's password input, run it through a shadow converter, put it in a variable and then do something like...

Code:
grep $PASS /etc/shadow
... to see if there's a match...If yes then see if it's for the same username as entered b4...and you're in business..

If I've misunderstood what you need...let me know...
Cheers
Arvind
p.s.....The guys in the programming forum may be able to help you a bit more though ... so probably this post should have been there

Last edited by live_dont_exist; 08-15-2006 at 03:25 AM.
 
Old 08-15-2006, 04:22 AM   #4
exodist
Senior Member
 
Registered: Aug 2003
Location: Portland, Oregon
Distribution: Arch
Posts: 1,374

Original Poster
Rep: Reputation: 47
thank you.

cdhgee: I do not see how sudo can accomplish what I want

live_dont_exist: You understood what I wanted just fine, and you got just as far as I did. Problem is that echo "$password" | shadow does not produce the same encrypted string as the one in /etc/shadow.

There is another question I should have more clearly asked, please see below the solution:

However, the people on the programming forum were able to help me. The string in the /etc/shadow in the password section contains both the encrypted password, and the seed used to generate it which is different for each password, using just this information I would guess you can pass both the string and the seed to shadow, however I do not know for sure, the script I am writing is in perl and I was informed of a perl module to use for encrypting the string using the seed, so I am now good.

As for posting this in the programming section, I posted a different question in the programming forum, there I specifically requested information on how to accomplish my task. I figured someone in the programming forum could give me a code snippet or a perl module to use, and that would be great for the program.

I also had the goal of figuring out how the /etc/shadow file worked, and how the linux security was setup. Here I posted a question to improve my greater understanding of linux security, and mentioned why I needed the info... hopefully I did not violate any double-posting rules, if I did I apologize.

A better question

The above solution is great on a system with /etc/shadow holding the passwords. But I know some systems use pam, and possibly other methods of managing users and passwords, I was hoping there was a system utility or command or something that would work regardless of what method you use. I know the 'login' command accomplishes something similar to this, it is what presents the initial system login, and it is the same both on pam and shadow, so I was hoping there was something similar a user could just call and use.
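
The salted check described in the post above (the stored field carries both the seed and the hash), as an added example that is not code from the thread: Perl's built-in crypt() is handed the stored field as its salt argument and the result is compared with that same field. The sub names and the sample shadow lines are constructed for illustration, and a crypt() that supports the `$6$` (SHA-512) method, as glibc's does, is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the hash field for exactly $user from shadow-format text, or undef.
# Field comparison avoids the substring matches a plain grep would give.
sub shadow_hash_for {
    my ($user, $shadow_text) = @_;
    for my $line (split /\n/, $shadow_text) {
        my ($name, $hash) = split /:/, $line, -1;
        return $hash if defined $name && $name eq $user;
    }
    return undef;
}

# Compare two strings without stopping at the first differing byte.
sub same_string {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# True only if $password hashes to the stored value under the stored salt.
sub verify_password {
    my ($user, $password, $shadow_text) = @_;
    my $stored = shadow_hash_for($user, $shadow_text);
    return 0 unless defined $stored && length $stored;  # unknown user or empty field
    return 0 if $stored =~ /^[!*]/;                     # locked or no-login account
    # crypt() takes the method and salt from the front of $stored.
    my $computed = crypt($password, $stored);
    return 0 unless defined $computed;                  # method not supported here
    return same_string($computed, $stored) ? 1 : 0;
}

# Constructed sample data: the hash is generated here, not taken from a real account.
my $hash   = crypt('correct horse', '$6$ConstructedSalt$');
my $shadow = join "\n",
    "arvind:${hash}:13375:0:99999:7:::",
    "arvind2:!:13375:0:99999:7:::",
    "daemon:*:13375:0:99999:7:::";

for my $try (['arvind', 'correct horse'], ['arvind', 'wrong'],
             ['arvind2', ''], ['arv', 'correct horse']) {
    printf "%-8s %-16s %s\n", $try->[0], "'$try->[1]'",
        verify_password($try->[0], $try->[1], $shadow) ? 'match' : 'no match';
}
```

Only the first attempt reports a match. The real /etc/shadow is normally readable only by root, so a script run as an ordinary user cannot apply this check to it directly.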
 
Old 08-15-2006, 04:23 AM   #5
Intimidator
Member
 
Registered: Mar 2005
Distribution: FC4
Posts: 83

Rep: Reputation: 15
You don't have all those..Try this..

The function returns 1 if the user and passwd match 0 otherwise

Code:
import socket

def matchpasswd(login, passwd):
	service_port = 61237
	address = 'IP_ADDRESS'
	# Initialise the socket; socket.socket() raises OSError on failure
	new_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	try:
		new_socket.connect((address, service_port))  # connect to server
		tosend = "auth " + login + " " + passwd + "\r\n"  # the format of authorisation
		new_socket.sendall(tosend.encode())
		chunk = new_socket.recv(128).decode()
	finally:
		new_socket.close()
	if chunk == "1 match":
		return 1
	else:
		return 0
U can try this too as explained above

Last edited by Intimidator; 08-15-2006 at 04:41 AM.
 
Old 08-15-2006, 04:48 AM   #6
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Good stuff... chill about the double post...I just felt it looked more of a coding quest .. that's all... You mentioned the seed also being stored inside the shadow password in /etc/shadow...so maybe if your code can first grab the seed of the user account...and then use it while passing it through "shadow" converter..it'll work...but then again...If there is a module which does that ... ...

The "Login" binary ...I did think of that ...but there would be permission issues I believe if you tried to call it directly as a normal user...as in...

However if u can call "login" ... without any issue(just try and directly at a shell first) .. then system("/bin/login") might just work in your code without u using all those modules...

arvind@attack$ /bin/login
Error: permission denied???

This is what I think will happen...not sure...let me know if it works though...

Cheers n all the best
Arvind

Last edited by live_dont_exist; 08-15-2006 at 04:50 AM.
 
Old 08-15-2006, 04:59 AM   #7
exodist
Senior Member
 
Registered: Aug 2003
Location: Portland, Oregon
Distribution: Arch
Posts: 1,374

Original Poster
Rep: Reputation: 47
Intimidator:

Wow... for the moment I will assume what you sent works... but I do not like to use code if I do not understand it, I will avoid socket 101 questions and skip to the details I would like:

service_port=61237 Why this port, what is its significance? is it designated as the login port? or is it arbitrary, if so how/why does this work?

I was gonna ask a few other questions, like why the chunk='' what the hell is chunk, but then I noticed this is neither shell nor perl, it is a language I do not recognise immediately... and I am assuming it is something I would understand if I used sockets in that specific language.

The only other question is what is the \r escape character? I have never used it.
 
Old 08-15-2006, 05:07 AM   #8
cdhgee
Member
 
Registered: Oct 2003
Location: St Paul, MN
Distribution: Fedora 8, Fedora 9
Posts: 513

Rep: Reputation: 30
\r is a carriage return. Mac uses \r for line endings, Windows uses \r\n and *nix uses \n.
 
Old 08-16-2006, 05:16 AM   #9
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
maybe u cud have a look at pam_auth:

http://www.math.ohio-state.edu/~ccunning/pam_auth/
 
  

