unix authentication?

  • akaash
  • Beginner
  • Joined: Jan 28, 2004
  • Posts: 62
  • Loc: Gujurat,India
  • Status: Offline

Post February 22nd, 2004, 8:45 pm

How do I authenticate users based on the /etc/shadow and /etc/passwd files in Perl? Is there a function to encrypt a user-supplied password and then check that encrypted password against the /etc/shadow entry?
  • rjmthezonenet
  • Expert
  • Joined: Jan 14, 2004
  • Posts: 526
  • Loc: St. John's, Newfoundland, Canada
  • Status: Offline

Post February 22nd, 2004, 9:47 pm

PasswdMD5 Perl Module
  • akaash
  • Beginner
  • Joined: Jan 28, 2004
  • Posts: 62
  • Loc: Gujurat,India
  • Status: Offline

Post February 22nd, 2004, 9:56 pm

My OS is Red Hat Linux 9.0, so which module do I have to use? What encryption algorithm is used by Red Hat 9.0? And will that module provide a function for authentication against the /etc/shadow file?
  • rjmthezonenet
  • Expert
  • Joined: Jan 14, 2004
  • Posts: 526
  • Loc: St. John's, Newfoundland, Canada
  • Status: Offline

Post February 22nd, 2004, 10:04 pm

Search http://www.perl.com/CPAN/ for the exact module and instructions on installing.

I think the encryption algorithm is crypt.

Yes, it will.
  • akaash
  • Beginner
  • Joined: Jan 28, 2004
  • Posts: 62
  • Loc: Gujurat,India
  • Status: Offline

Post February 22nd, 2004, 10:21 pm

My user name on the Red Hat 9.0 server is 'temp' and I am unable to open the /etc/shadow file to look up the user password from a Perl script. Permission is denied. So what should I do to access /etc/shadow from my Perl script? Do I need to change some file permission to u+x or something like that?
  • rjmthezonenet
  • Expert
  • Joined: Jan 14, 2004
  • Posts: 526
  • Loc: St. John's, Newfoundland, Canada
  • Status: Offline

Post February 22nd, 2004, 10:34 pm

Avoid using names like temp and test. They often come back to bite you because they are so often used for reserved words.

The Perl script only needs to read the /etc/passwd and /etc/shadow files, and they should already be 644 (-rwxr--r--).

What is returning "Permission is denied"? The Perl script? The shell?

ls -l /etc/passwd /etc/shadow

You should see:
-rw-r--r-- 1 root ... /etc/passwd
-rw-r----- 1 root ... /etc/shadow

If not, do this:

chmod 644 /etc/passwd
chmod 640 /etc/shadow

Now... if your Perl script is modifying /etc/passwd and /etc/shadow, you will have permission problems if you are not running the Perl script as root. Then again, you should really reconsider doing this!!!

I get the nagging feeling there's an easier way. Maybe a command line utility you can call from Perl....
  • rjmthezonenet
  • Expert
  • Joined: Jan 14, 2004
  • Posts: 526
  • Loc: St. John's, Newfoundland, Canada
  • Status: Offline

Post February 22nd, 2004, 10:42 pm

Crypt-PasswdMD5-1.3 > Crypt::PasswdMD5

More on PasswdMDR wrote:
use Crypt::PasswdMD5;

$cryptedpassword = unix_md5_crypt($password, $salt);
$apachepassword = apache_md5_crypt($password, $salt);

The unix_md5_crypt() provides a crypt()-compatible interface to the rather new MD5-based crypt() function found in modern operating systems. It's based on the implementation found on FreeBSD 2.2.[56]-RELEASE and contains the following license in it:


(Don't forget the beer licence.)

Also look at these...

Crypt-Salt-0.01 > Crypt::Salt

Crypt-UnixCrypt-1.0 > Crypt::UnixCrypt
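
The check the thread is asking about, as an added example that is not part of any post: Perl's built-in crypt() re-hashes the candidate with the scheme and salt embedded in the stored field, and the result is compared with the stored value. The sample entries, user names and password are constructed, and same_string and check_shadow_line are hypothetical helper names.

```perl
#!/usr/bin/perl
# Added example: verify a candidate password against a shadow-format entry.
use strict;
use warnings;

# Compare two strings without stopping at the first differing byte.
sub same_string {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Returns 1 on match, 0 on mismatch, undef when the entry cannot be checked.
sub check_shadow_line {
    my ($line, $user, $candidate) = @_;
    chomp $line;
    my ($name, $stored) = split /:/, $line, -1;
    return undef unless defined($stored) && $name eq $user;
    # "", "*", "!!" or a "!"-prefixed hash: no usable password, or locked.
    return undef if $stored eq '' || $stored =~ /^[!*]/;
    # The stored field embeds its scheme id and salt ($1$salt$digest), so
    # passing it as the salt makes crypt() repeat the original computation.
    my $computed = crypt($candidate, $stored);
    return undef if !defined($computed) || $computed =~ /^\*/;  # unsupported scheme
    return same_string($computed, $stored);
}

# Constructed sample data: the hash is generated here, not taken from a host.
my $hash = crypt('correct horse', '$1$Xy3kQ9aB$');
die "this libc has no MD5 crypt support\n"
    unless defined($hash) && $hash =~ /^\$1\$/;
my %shadow = (
    alice => join(':', 'alice', $hash, 12471, 0, 99999, 7, '', '', ''),
    bob   => join(':', 'bob',   '!!',  12471, 0, 99999, 7, '', '', ''),
);

for my $try (['alice', 'correct horse'], ['alice', 'wrong'], ['bob', 'anything']) {
    my ($user, $pw) = @$try;
    my $ok = check_shadow_line($shadow{$user}, $user, $pw);
    printf "%-5s %-14s %s\n", $user, $pw,
        !defined($ok) ? 'not checkable' : $ok ? 'match' : 'no match';
}
```

On a live host the line would come from /etc/shadow, which an unprivileged account such as the one in the question cannot read, so the check has to run in whatever small privileged component is allowed to read that file.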
  • akaash
  • Beginner
  • Joined: Jan 28, 2004
  • Posts: 62
  • Loc: Gujurat,India
  • Status: Offline

Post February 23rd, 2004, 1:23 am

Is there any other way to do that without changing file permissions?
  • _Leo_
  • Proficient
  • Joined: Feb 17, 2004
  • Posts: 279
  • Loc: Buenos Aires, Argentina
  • Status: Offline

Post February 23rd, 2004, 6:43 am

You MUST NOT change /etc/shadow permissions. This file can only be read by root and that is OK.

You need to use some API or service which accesses the /etc/shadow file for you. I don't know about CPAN but I guess it could be a solution.
  • rjmthezonenet
  • Expert
  • Joined: Jan 14, 2004
  • Posts: 526
  • Loc: St. John's, Newfoundland, Canada
  • Status: Offline

Post February 23rd, 2004, 9:40 am

Sorry, the permissions are as follows:
chown root.root passwd
chown root.shadow shadow
chmod 0644 passwd
chmod 0640 shadow

That's a bit of a problem because SUID to root can result in a security hole. If you want to add shadow support to a program so that it can check passwords, it is safer to SUID to shadow.
  • rjmthezonenet
  • Expert
  • Joined: Jan 14, 2004
  • Posts: 526
  • Loc: St. John's, Newfoundland, Canada
  • Status: Offline

Post February 23rd, 2004, 9:43 am

You may find life a little easier using this module:

Passwd-Linux-0.70 > Passwd::Linux

If you want to use C, try:

#include <shadow/shadow.h>
#include <shadow/pwauth.h>
  • Lieven
  • Beginner
  • Joined: Jan 04, 2004
  • Posts: 57
  • Loc: Belgium
  • Status: Offline

Post February 24th, 2004, 2:47 am

I've never done this before on Unix so I don't know what security risk it causes, but my first idea would be to do a system "sudo" with the given username and password. You'll know directly if the credentials are correct without having to abuse /etc/shadow.
