LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-14-2006, 06:25 PM   #1
exodist
Senior Member
 
Registered: Aug 2003
Location: Portland, Oregon
Distribution: Arch
Posts: 1,374

Rep: Reputation: 47
howto: verify a user/pass at the shell prompt.


I am writing a program, users need to have a valid account on the system to use the program, so ins hort they give the program their username and password, the program than needs to verify the account is a valid system account, and verify the password is the correct password for that system account.

I am writing this script in perl, but might end up doing similar in php, both can issue shell commands, so I would like it to be a command I can run at the shell prompt. Anyone know how to accomplish this?

I have been searching liek mad all over the place and I am guessing I simply lack the understanding necessary to formulate a proper search string.
 
Old 08-15-2006, 03:21 AM   #2
cdhgee
Member
 
Registered: Oct 2003
Location: St Paul, MN
Distribution: Fedora 8, Fedora 9
Posts: 513

Rep: Reputation: 30
Any reason why you can't use sudo and echo in the username and password?
 
Old 08-15-2006, 03:24 AM   #3
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Quote:
Originally Posted by exodist
I am writing a program, users need to have a valid account on the system to use the program, so ins hort they give the program their username and password, the program than needs to verify the account is a valid system account, and verify the password is the correct password for that system account.
So basically you want your code to authenticate users against already existing system accounts.Am I right?

Quote:
Originally Posted by exodist
I am writing this script in perl, but might end up doing similar in php, both can issue shell commands, so I would like it to be a command I can run at the shell prompt. Anyone know how to accomplish this?
Hmm...not quite clear...Do you mean...
Code:
arvind# ./code
[QUOTE=exodist
I have been searching liek mad all over the place and I am guessing I simply lack the understanding necessary to formulate a proper search string.
[/QUOTE]

Okay...this might help...

Code:
grep arvind /etc/passwd
will check if the username "arvind" is a valid account or not..

Checking if the pwd is correct may not be that simple though...as passwords are shadow encrypted in Linux.You might want your code to automatically take user's password input , run it through a shadow converter , put it in a variable and then do something like...

Code:
grep $PASS /etc/shadow
... to see if theres a match...If yes then see is its for the same username as entered b4...and you're in business..

If I've misunderstood what you need...let me know...
Cheers
Arvind
p.s.....The guys in the programming forum may be able to help you a bit more though ... so probably this post sh ould have been there

Last edited by live_dont_exist; 08-15-2006 at 03:25 AM.
 
Old 08-15-2006, 04:22 AM   #4
exodist
Senior Member
 
Registered: Aug 2003
Location: Portland, Oregon
Distribution: Arch
Posts: 1,374

Original Poster
Rep: Reputation: 47
thank you.

cdhgee: I do not see how duso can accomplish what I want

live_dont_exist: You understood what I wanted just fine, and you got just as far as I did. Problem is that echo "$password" | shadow does not produce the same encrypted string as the one in /etc/shadow.

There is another question I should have more clearly asked, please see below the solution:

However The people on the programming forum were able to help me. The string in the /etc/shadow in the password section contain both the encrypted password, and the seed used to generate it which is different for each password, using just this information I would guess you can pass botht he string and the seed to shadow, however I do not knwo for sure, the script I am writing is in perl and I was informed of a perl module to use for encrypting the string using the seed, so I am now good.

As for posting this in the programming section, I posted a different question in the programming forum, there I specifically requested information on how to accomplish my task. I figured someone in the programming forum could give me a code snippet or a perl module to use, and that would be great for the program.

I also had the goal of figuring out how the /etc/shadow file worked, and how the linux security was setup. here I posted a question to improve my greater understanding of linux security, and mentioned why I needed the info... hopefully I did not violate any double-posting rules, if I did I appologize.

A better question

The obove solution is great on a system with /etc/shadow holding the passwords. But I know some systems use pam, and possibly other methods of managing users and passwords, I was hoping there was a system utility or command or something that would work regardless of what method you use. I know the 'login' command accomplishes something similar to this, it is what presents the initial system login, and it is the same both on pam and shadow, so I was hoping there was something similar a user could just call and use.
 
Old 08-15-2006, 04:23 AM   #5
Intimidator
Member
 
Registered: Mar 2005
Distribution: FC4
Posts: 83

Rep: Reputation: 15
You don't have all those..Try this..

The function returns 1 if the user and passwd match 0 otherwise

Code:
import socket
def matchpasswd(login,passwd):
	service_port=61237
	address='IP_ADDRESS'
	new_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)#initialise the socket
	if new_socket<0 :
		print "socket.socket() failed"
	connect=new_socket.connect((address,service_port))#connect to server	
	tosend="auth "+login+" "+passwd+"\r\n" # the format of authoristaion
 	chunk=''
	sent=new_socket.send(tosend)
	chunk=new_socket.recv(128)
	new_socket.close()
	if chunk=="1 match":
		return 1
	else:
		return 0
U can try this too as explained above

Last edited by Intimidator; 08-15-2006 at 04:41 AM.
 
Old 08-15-2006, 04:48 AM   #6
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Good stuff... chill about the double post...I just felt it looked more of a coding quest .. thats all... You mentioned the seed also being stored inside the shadow password in /etc/shadow...so maybe if your code can first grab the seed of the user account...and then use it while passing it through "shadow" converter..it'll work...but then again...If ther is a module which does that ... ...

The "Login" binary ...I did think of that ...but there would be permission issues I believe if ou tried to call it directly as a normal user...as in...

However if u can call "login" ... without any issue(just try and directly at a shell first) .. then system("/bin/login") might just work in your code without u using all those modules...

arvind@attack$ /bin/login
Error: permission denied???

This is what I think will happen...not sure...let me know if it works though...

Cheers n all the best
Arvind

Last edited by live_dont_exist; 08-15-2006 at 04:50 AM.
 
Old 08-15-2006, 04:59 AM   #7
exodist
Senior Member
 
Registered: Aug 2003
Location: Portland, Oregon
Distribution: Arch
Posts: 1,374

Original Poster
Rep: Reputation: 47
Intimidator:

Wow... for the moment I will assume what you sent works... but I do not liek to use code if I do not understand it, I will avoid socket 101 questions and skip tot he details I would like:

service_port=61237 Why this port, what is it's significance? is it designated as the login port? or is it arbitrary, if so how/why does this work?

I was gonna ask a few other questions, like why the chunk='' what the hell is chunk, but then I noticed this is neither shell nor perl, it is a language I do not recognise immediately... and I am assuming it is something I would understand if I used sockets in that specific language.

The only other quation is what is the \r escape character? I have never used it.
 
Old 08-15-2006, 05:07 AM   #8
cdhgee
Member
 
Registered: Oct 2003
Location: St Paul, MN
Distribution: Fedora 8, Fedora 9
Posts: 513

Rep: Reputation: 30
\r is a carriage return. Mac uses \r for line endings, Windows uses \r\n and *nix uses \n.
 
Old 08-16-2006, 05:16 AM   #9
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
maybe u cud have a look at pam_auth:

http://www.math.ohio-state.edu/~ccunning/pam_auth/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Howto: Linux write (burn) data to DVD or DVD/RW at shell prompt LXer Syndicated Linux News 0 07-11-2006 03:21 PM
verify if the same shell script is executing in background hicham007 Programming 2 08-07-2005 05:40 AM
howto verify link speed musicman_ace Linux - Networking 1 07-14-2005 03:47 PM
Pass SCP User passward in shell program michaelyu33 Programming 3 03-18-2005 12:15 PM
How to pass arguments from $prompt for php script ukjairaj Linux - Software 4 06-25-2004 11:14 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:45 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration