| Pat Regan on 20 Jan 2006 22:31:45 -0000 |
|
Marc Zucchelli wrote: > I am reinventing the wheel again, I am building a > webhosting control panel, and I would like users to > sign in with their FTP password. I am trying to > figure out the best way of accomplishing this. > > 1. I could keep an updated md5 hash of their password > in a database that I can authenticate against. > > 2. I could set /etc/shadow to use md5 and > authenticate against that, this way the password hash > will only be stored in one place, which is good. The > only problem is that: > echo "123456" | md5sum > > gives me: > > f447b20a7fcbf53a5d5be013ea0b15af > > But an md5 password of 123456 in /etc/shadow looks > more like this: > > $1$IlxzSzzz$Iagtf0Kf88rsCAUXzUlKf1 > > How am I supposed to compare the two? You shouldn't have to know how any of this is implemented, and you probably should query against PAM. I don't know what language you are using, but this Perl module seems to be the sort of thing you should use: http://search.cpan.org/~nikip/Authen-PAM-0.16/d/PAM.pm Pat Attachment:
signature.asc ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|