LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 08-14-2006, 06:32 PM   #1
exodist
Senior Member
 
Registered: Aug 2003
Location: Portland, Oregon
Distribution: Gentoo
Posts: 1,372

Rep: Reputation: 46
verify system username & password in a perl script


I am writing a perl cgi script, it will get a username and password from the user, it then needs to verify the username and password against the systems users. For various reasons I cannot simply use a password database seperate from the system on this one, it needs to be the system users.

so, how would I verify the username and password from within perl? I figure it would be simple if I could figure out how the passwords are encrypted in /etc/shadow (as inw hat command encrpyts the password string) then I could simply run:

Code:
$enc_pass = `echo "$Password" | password_encryptor`;
chomp($enc_pass);
open(SHADOW, '</etc/shadow');
foreach my $Line (<SHADOW>)
{
    return 1 if ($Line =~ m/^$username:$enc_pass/); #check if the encrypted password is on the same line as the username with only one colon between them (follows format of the shadow file)
}
close(SHADOW);
return 0;
#return 1 of it is valid, 0 if it is not.
 
Old 08-14-2006, 07:09 PM   #2
dinojerm
Member
 
Registered: Apr 2004
Location: NJ,US
Distribution: Debian Sid
Posts: 33

Rep: Reputation: 15
The password field of the shadow file should be formatted something like this: "$1$asdf$foo", with the first part ($1$asdf) being the salt (unique to each entry)
In order to check the password in perl, you need to use both the salt and the input password. You can use something like this: (after reading in the line from the shadow file and extracting the salt to $salt)
Code:
use Crypt::PasswdMD5;
$enc_pass=unix_md5_crypt($Password,$salt);
If the password is correct, this function should return the same "$1$asdf$foo" string that was in the shadow file.
 
Old 08-14-2006, 07:26 PM   #3
exodist
Senior Member
 
Registered: Aug 2003
Location: Portland, Oregon
Distribution: Gentoo
Posts: 1,372

Original Poster
Rep: Reputation: 46
sweet, thank you very much
 
Old 08-15-2006, 04:42 AM   #4
Intimidator
Member
 
Registered: Mar 2005
Distribution: FC4
Posts: 83

Rep: Reputation: 15
http://www.linuxquestions.org/questi...d.php?t=473878
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
username & password problem ubuntu azmike Linux - Software 5 08-22-2006 11:03 AM
bash script that uses username/password paul_mat Linux - Software 2 10-25-2005 10:44 PM
Resetting Username & Password - HELP Shanahan Fedora 3 05-12-2005 04:50 AM
can't install modem and forget username & password HadiHasan Linux - Hardware 2 03-10-2003 09:23 PM
can't install modem and forget username & password HadiHasan Linux - Networking 1 03-10-2003 03:27 AM


All times are GMT -5. The time now is 09:25 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration