Re: [ph-perl] Password Checking.

Top Page
Author: Sherwin Daganato
Date:  
To: ph-perl
Subject: Re: [ph-perl] Password Checking.
On Thu, Jan 30, 2003 at 07:46:42PM -0500, Kevin Hoffer wrote:
> I am a sys admin for a ISP and the owner wants to be able to verify a
> users password. Basicly he wants to be able to type in the command and
> have it ask for a username and password and then verify the password is or
> isn't correct in the /etc/shadow file. Any Clues or Help?


Carmen posted a code[1] for checking password awhile back. Use that
code and save it into a file. Then, create a user that can execute that
file via sudo. You need to do this because only superuser can extract
the crypted password from /etc/shadow. Your sudoers entry should look
something like this:

myuser    mybox = NOPASSWD: /usr/local/bin/checkpasswd


Create another program executable only by the user that you created
(e.g. myuser) and write something like this:

system('/usr/bin/sudo', '/usr/local/bin/checkpasswd', '-user=myuser',
'-pass=mypass');

Lastly, protect your programs from crackers. Don't trust unsanitized user
inputs. Read more about perl security (perldoc perlsec).

See the thread of "check password" in the archives[2] for more
information.

[1] http://lists.q-linux.com/pipermail/ph-perl/2002-March/000275.html
[2] http://lists.q-linux.com/pipermail/ph-perl/2002-March/thread.html


HTH
--
$_=q:; # SHERWIN #
70;72;69;6e;74;20;
27;4a;75;73;74;20;
61;6e;6f;74;68;65;
72;20;50;65;72;6c;
20;6e;6f;76;69;63;
65;27;:;;s=~?(..);
?=pack q$C$,hex$1;
;;;=egg;;;;eval;;;
_______________________________________________
ph-perl mailing list
ph-perl@???
http://lists.q-linux.com/mailman/listinfo/ph-perl