how to check for unix password

E

eight02645999

hi
i created a login page that authenticate the user and his/her password
to the unix ssystem. what modules can i used to compare the unix
password with what the user typed in the cgi form? the password is
encrypted (shadowed) so i need to
decrypt it first before comparing to what the user typed. or this
cannot be done at all?
thanks
 
B

bonono

complicated issue. There is lots of authentication sub system that may
be in use(PAM, LDAP, Kerberos, /etc/shadow etc.). Each has a different
way. If it is linux, I think you should shoot for PAM, for other unix
system I have no idea.
/etc/passwd is a one way hash, you need the user submit the plain text
equivalent(better use SSL) then compute and compare.

However, if this is web page, I believe it would be better to use the
apache2 module which has relatively good integration with the
authentication system.
 
M

Mike Meyer

i created a login page that authenticate the user and his/her password
to the unix ssystem. what modules can i used to compare the unix
password with what the user typed in the cgi form? the password is
encrypted (shadowed) so i need to
decrypt it first before comparing to what the user typed. or this
cannot be done at all?

As has already been pointed out, users authenticate to Unix systems
with a lot more than passwords.

Also, it's not a good idea to make a web page use a system
password. Web page passwords tend to be poorly protected.

Finally, you can't decrypt a Unix password file password. The
algorithm is to encrypt what the user typed (with crypt.crypt) then
compare that with the entry in the password file. You pass crypt.crypt
the user-entered pasword as the first argument, and the password from
the password file as the second, and compare the returned value to the
password from the password file.

<mike
 
M

Magnus Lycka

hi
i created a login page that authenticate the user and his/her password
to the unix ssystem. what modules can i used to compare the unix
password with what the user typed in the cgi form? the password is
encrypted (shadowed) so i need to

That's not the same thing. Unix passwords are always hashed (encrypted
if you like), but shadowing means that the hashed password isn't visible
in the /etc/passwd file (this file is readable to anyone logged into the
system) but stored in a shadow file which is only available to
administrators.
decrypt it first before comparing to what the user typed. or this
cannot be done at all?

No. This is done with a one-way encryption algorithm, it shouldn't
be possible to decrypt the password hashes without a time consuming
brute force attack. That's not how the authentication works.

What you should do is to encrypt the user supplied password with the
same algorithm and salt as the Unix system uses, and compare the
hashes.

Another option is to simply run some program that tries to log in
the user on the unix box and see if that goes well.

If you really use shadow passwords, and can't run as root on the
system, manual comparision with the password hash is not an option.

For another alternative, see
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/203610
If POP won't help you, I'm sure you might think of similar approaches,
telnetlib or ftplib might prove helpful.
 
F

Fredrik Lundh

i created a login page that authenticate the user and his/her password
to the unix ssystem. what modules can i used to compare the unix
password with what the user typed in the cgi form? the password is
encrypted (shadowed) so i need to decrypt it first before comparing
to what the user typed.

encrypted != shadowed. unix passwords are always encrypted, and
cannot be decrypted (at least not easily).

to check a password, encrypt the given password using the same salt,
and check if you get the same result. see the second example on this
page for an example:

http://effbot.org/librarybook/crypt.htm

if the password is shadowed, you need the right privileges, and the spwd
module:

http://www.python.org/dev/doc/devel/lib/module-spwd.html

this is only available in development versions. to use it with an older
version, you have to built it yourself. the source code is here:

http://svn.python.org/view/python/trunk/Modules/spwdmodule.c

</F>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top