I am writing a perl cgi script, it will get a username and password from the user, it then needs to verify the username and password against the systems users. For various reasons I cannot simply use a password database seperate from the system on this one, it needs to be the system users.
so, how would I verify the username and password from within perl? I figure it would be simple if I could figure out how the passwords are encrypted in /etc/shadow (as inw hat command encrpyts the password string) then I could simply run:
Code:
$enc_pass = `echo "$Password" | password_encryptor`;
chomp($enc_pass);
open(SHADOW, '</etc/shadow');
foreach my $Line (<SHADOW>)
{
return 1 if ($Line =~ m/^$username:$enc_pass/); #check if the encrypted password is on the same line as the username with only one colon between them (follows format of the shadow file)
}
close(SHADOW);
return 0;
#return 1 of it is valid, 0 if it is not.