Michael C. Toren on 20 Jan 2006 18:00:16 -0000 |
On Fri, Jan 20, 2006 at 08:57:00AM -0800, Marc Zucchelli wrote: > I know I could set /etc/shadow to use DES and compare with perls crypt() > function, but those DES passwords seem so tiny and insecure. Don't concern yourself with if a user's crypted password was computed using DES or MD5 -- crypt(3) will handle both, depending upon which salt you feed it. For example, to authenticate both DES and MD5 passwords in the /etc/shadow file: my $user = ...; # user supplied my $pass = ...; # user supplied my $shadow = (getpwnam $user)[1] || "!!"; die "Nope\n" unless (crypt($pass, $shadow) eq $shadow); print "Okay\n"; Ofcourse, you must be root in order to read the crypted passwords from /etc/shadow. Otherwise, every attempt will silently fail. HTH, -mct ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|