|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] Programmers: PAM Authentication through a web application?
|
On Fri, Jan 20, 2006 at 08:57:00AM -0800, Marc Zucchelli wrote:
> I know I could set /etc/shadow to use DES and compare with perls crypt()
> function, but those DES passwords seem so tiny and insecure.
Don't concern yourself with if a user's crypted password was computed
using DES or MD5 -- crypt(3) will handle both, depending upon which salt
you feed it. For example, to authenticate both DES and MD5 passwords in
the /etc/shadow file:
my $user = ...; # user supplied
my $pass = ...; # user supplied
my $shadow = (getpwnam $user)[1] || "!!";
die "Nope\n" unless (crypt($pass, $shadow) eq $shadow);
print "Okay\n";
Ofcourse, you must be root in order to read the crypted passwords from
/etc/shadow. Otherwise, every attempt will silently fail.
HTH,
-mct
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|