unix authentication?

  • akaash
  • Beginner
  • Beginner
  • akaash
  • Posts: 62
  • Loc: Gujurat,India

Post 3+ Months Ago

how to authenticate users based on /etc/shadow and /etc/passwd file in perl. Is there a function to encrypt a user supplied password and then to check that encrypted password against the /etc/shadow entry.
  • rjmthezonenet
  • Expert
  • Expert
  • User avatar
  • Posts: 526
  • Loc: St. John's, Newfoundland, Canada

Post 3+ Months Ago

PasswdMD5 Perl Module
  • akaash
  • Beginner
  • Beginner
  • akaash
  • Posts: 62
  • Loc: Gujurat,India

Post 3+ Months Ago

My OS is redhat linux 9.0 and so which module do i have to use. What encryption algorithm is used by redhat 9.0? And will that module provide function for authentication against the /etc/shadow file?
  • rjmthezonenet
  • Expert
  • Expert
  • User avatar
  • Posts: 526
  • Loc: St. John's, Newfoundland, Canada

Post 3+ Months Ago

Search http://www.perl.com/CPAN/ for the exact module and instructions on installing.

I think the encryption algorithm is crypt.

Yes, it will.
  • akaash
  • Beginner
  • Beginner
  • akaash
  • Posts: 62
  • Loc: Gujurat,India

Post 3+ Months Ago

my user name on redhat 9.0 server is 'temp' and i am unable

to open /etc/shadow file for looking for user password from

perl script.Permission is denied.So what should i do for

accessing /etc/shadow from my perl script? Do i need to

change some file permission to u+x or something like that?
  • rjmthezonenet
  • Expert
  • Expert
  • User avatar
  • Posts: 526
  • Loc: St. John's, Newfoundland, Canada

Post 3+ Months Ago

Avoid using names like temp and test. They often come back to bite you because they are so often used for reserved words.

The Perl script only needs to read the /etc/passwd and /etc/shadow files, and they should already be 644 (-rwxr--r--).

What is returning "Permission is denied"? the Perl script? the shell?

ls -l /etc/passwd /etc/shadow

You should see:
-rw-r--r-- 1 root ... /etc/passwd
-rw-r----- 1 root ... /etc/shadow

If not, do this:

chmod 644 /etc/passwd
chmod 640 /etc/shadow

Now... if your Perl script is modifying /etc/passwd and /etc/shadow, you will have permission problems if you are not running the Perl script as root. Then again, you should really reconsider doing this!!!

I get the nagging feeling there's an easier way. Maybe a command line utility you can call from Perl....
  • rjmthezonenet
  • Expert
  • Expert
  • User avatar
  • Posts: 526
  • Loc: St. John's, Newfoundland, Canada

Post 3+ Months Ago

Crypt-PasswdMD5-1.3 > Crypt::PasswdMD5

More on PasswdMDR wrote:
use Crypt::PasswdMD5;

$cryptedpassword = unix_md5_crypt($password, $salt);
$apachepassword = apache_md5_crypt($password, $salt);

the unix_md5_crypt() provides a crypt()-compatible interface to the rather new MD5-based crypt() function found in modern operating systems. It's based on the implementation found on FreeBSD 2.2.[56]-RELEASE and contains the following license in it:


(Dont' forget the beer licence.)

Also look at these...

Crypt-Salt-0.01 > Crypt::Salt

Crypt-UnixCrypt-1.0 > Crypt::UnixCrypt
  • akaash
  • Beginner
  • Beginner
  • akaash
  • Posts: 62
  • Loc: Gujurat,India

Post 3+ Months Ago

Is there any other way to do that without changing file

permissions?
  • _Leo_
  • Proficient
  • Proficient
  • User avatar
  • Posts: 279
  • Loc: Buenos Aires, Argentina

Post 3+ Months Ago

You MUST NOT change /etc/shadow permissions. This file can be only read by root and that is ok.

You need to use some API or service which access /etc/shadow file for you. I don't know about CPAN but I guess it could be a solution.
  • rjmthezonenet
  • Expert
  • Expert
  • User avatar
  • Posts: 526
  • Loc: St. John's, Newfoundland, Canada

Post 3+ Months Ago

Sorry, the permissions are as follows:
chown root.root passwd
chown root.shadow shadow
chmod 0644 passwd
chmod 0640 shadow

Thats a bit of a problem because SUID to root can result in a security hole. If you want to add shadow support to a program so that it can check passwords, it is safer to SUID to shadow.
  • rjmthezonenet
  • Expert
  • Expert
  • User avatar
  • Posts: 526
  • Loc: St. John's, Newfoundland, Canada

Post 3+ Months Ago

You may find life a little easier using this module:

Passwd-Linux-0.70 > Passwd::Linux

If you want to use c, try:

include <shadow/shadow.h>
include <shadow/pwauth.h>
  • Lieven
  • Beginner
  • Beginner
  • User avatar
  • Posts: 57
  • Loc: Belgium

Post 3+ Months Ago

I've never done this before on unix so I don't know what security risk it causes, but my first idea would be to do a system "sudo" with the given username and password. You'll know directly if the credentials are correct without having to abuse /etc/shadow

Post Information

  • Total Posts in this topic: 12 posts
  • Users browsing this forum: No registered users and 89 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.