Linux System Users Login/Password?

Hi,

Has anyone managed to code anything that will verify the username and
password of a user against the /etc/shadow file?

I need to authenticate users based on their local system accounts, but
unfortunately need to do this without recompiling PHP or Apache with custom
modules.

So far I've managed to pull all of the shadow password strings out and into
a database, but is there any way of 'matching' the encrypted strings if you
are given the plain text version, like with md5?

Thanks in advance,
Vince.
Jun 13 '06 #1
Vincent Pirez wrote:
> Hi,
>
> Has anyone managed to code anything that will verify the username and
> password of a user against the /etc/shadow file?
>
> I need to authenticate users based on their local system accounts, but
> unfortunately need to do this without recompiling PHP or Apache with custom
> modules.
>
> So far I've managed to pull all of the shadow password strings out and into
> a database, but is there any way of 'matching' the encrypted strings if you
> are given the plain text version, like with md5?
>
> Thanks in advance,
> Vince.

PHP has a function named 'crypt' that will encrypt strings in the same
way the password is encrypted into the password file. It takes a
password string and a salt string.

The encryption algorithm may vary but is typically either a two
character salt (CRYPT_STD_DES) or an MD5 salt (CRYPT_MD5). The MD5
encryptions are guaranteed to start with a '$' sign.

So, for example, let's say your shadow entry is:
web:$2$Hlpmlp9i$5VnapGyOuIzJFkPcrvE7a.:13007:0:99999:7:::

This is an MD5 encrypted password.

if( crypt($password, $salt) === '$2$Hlpmlp9i$5VnapGyOuIzJFkPcrvE7a.' ) {
    // password is correct
}

Do you really want to pull all the shadow entries into a database? Why
not read the file directly and explode() the entries? It seems to me
that you will have synchronization issues the other way.

-david-

Jun 13 '06 #2

"David Haynes" <da***********@sympatico.ca> wrote in message
news:2h*******************@fe06.usenetserver.com...
> PHP has a function named 'crypt' that will encrypt strings in the same way
> the password is encrypted into the password file. It takes a password
> string and a salt string.
>
> The encryption algorithm may vary but is typically either a two character
> salt (CRYPT_STD_DES) or an MD5 salt (CRYPT_MD5). The MD5 encryptions are
> guaranteed to start with a '$' sign.
>
> So, for example, let's say your shadow entry is:
> web:$2$Hlpmlp9i$5VnapGyOuIzJFkPcrvE7a.:13007:0:99999:7:::
>
> This is an MD5 encrypted password.
>
> if( crypt($password, $salt) === '$2$Hlpmlp9i$5VnapGyOuIzJFkPcrvE7a.' ) {
>     // password is correct
> }
>
> Do you really want to pull all the shadow entries into a database? Why not
> read the file directly and explode() the entries? It seems to me that you
> will have synchronization issues the other way.
>
> -david-


Hi David,

Thanks for the great response. But how do I determine the matching salt?

Thanks,
Vince.
Jun 13 '06 #3
Vincent Pirez wrote:
> "David Haynes" <da***********@sympatico.ca> wrote in message
> news:2h*******************@fe06.usenetserver.com...
>> PHP has a function named 'crypt' that will encrypt strings in the same way
>> the password is encrypted into the password file. It takes a password
>> string and a salt string.
>>
>> The encryption algorithm may vary but is typically either a two character
>> salt (CRYPT_STD_DES) or an MD5 salt (CRYPT_MD5). The MD5 encryptions are
>> guaranteed to start with a '$' sign.
>>
>> So, for example, let's say your shadow entry is:
>> web:$2$Hlpmlp9i$5VnapGyOuIzJFkPcrvE7a.:13007:0:99999:7:::
>>
>> This is an MD5 encrypted password.
>>
>> if( crypt($password, $salt) === '$2$Hlpmlp9i$5VnapGyOuIzJFkPcrvE7a.' ) {
>>     // password is correct
>> }
>>
>> Do you really want to pull all the shadow entries into a database? Why not
>> read the file directly and explode() the entries? It seems to me that you
>> will have synchronization issues the other way.
>>
>> -david-
>
> Hi David,
>
> Thanks for the great response. But how do I determine the matching salt?
>
> Thanks,
> Vince.

The short answer is that the salt of the encrypted password in the
shadow file is used.

A sample program:
<?php
// Stored hash from the shadow file; crypt() reads its salt from the prefix.
$shadow_pw = '$1$Hlpmlp9i$5VnapGyOuIzJFkPcrvE7a.';
$my_pw = array('foofoofoo', 'letmein');

foreach( $my_pw as $pw ) {
    if( crypt($pw, $shadow_pw) === $shadow_pw ) {
        echo "The password $pw is good\n";
    } else {
        echo "The password $pw is bad\n";
    }
}
?>

-david-

Jun 13 '06 #4

"David Haynes" <da***********@sympatico.ca> wrote in message
news:gY******************@fe46.usenetserver.com...
> The short answer is that the salt of the encrypted password in the shadow
> file is used.
>
> A sample program:
> <?php
> $shadow_pw = '$1$Hlpmlp9i$5VnapGyOuIzJFkPcrvE7a.';
> $my_pw = array('foofoofoo', 'letmein');
>
> foreach( $my_pw as $pw ) {
>     if( crypt($pw, $shadow_pw) === $shadow_pw ) {
>         echo "The password $pw is good\n";
>     } else {
>         echo "The password $pw is bad\n";
>     }
> }
> ?>


David,

Ahhh I get it now, by crypt()'ing the password against the shadow password
it somehow verifies.....I'm curious how this works, but don't need an
explanation unless anyone's willing to offer one?

Fact of the matter is it works, and is verifying nicely - many thanks for
your help David :)

Vince.
Jun 13 '06 #5
Vincent Pirez wrote:
> David,
>
> Ahhh I get it now, by crypt()'ing the password against the shadow password
> it somehow verifies.....I'm curious how this works, but don't need an
> explanation unless anyone's willing to offer one?

The first 'n' characters of any encrypted password are the salt used to
create the password. By supplying an encrypted password as the salt, you
are essentially providing the salt.

> Fact of the matter is it works, and is verifying nicely - many thanks for
> your help David :)

Cool! Glad it's working out for you.

-david-

Jun 13 '06 #6
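
Added example, not part of the original thread: the check discussed above applied to a whole shadow-format line, with the hash field used as the salt argument, locked or empty fields rejected, and a constant-time comparison. The function names `shadow_hash_for` and `verify_shadow_password`, the `svc` account and the sample lines are constructed for illustration; the salt `Hlpmlp9i` is the one from the thread.

```php
<?php
// Added example: verify a password against one /etc/shadow-format line.
// Account names, passwords and lines below are constructed sample values.

/** Return the hash field of $line if it belongs to $user, otherwise null. */
function shadow_hash_for(string $line, string $user): ?string
{
    $fields = explode(':', rtrim($line, "\r\n"));
    if (count($fields) < 2 || $fields[0] !== $user) {
        return null;
    }
    return $fields[1];
}

/** True only if $password hashes to $stored under the salt embedded in $stored. */
function verify_shadow_password(string $password, ?string $stored): bool
{
    // An empty field, or one starting with "*" or "!", means no usable
    // password (unset or locked account): never report a match for those.
    if ($stored === null || $stored === '' || $stored[0] === '*' || $stored[0] === '!') {
        return false;
    }
    // crypt() takes the scheme id and salt from the front of $stored
    // ("$1$Hlpmlp9i$" for MD5-crypt) and ignores the hash that follows.
    $computed = crypt($password, $stored);
    // hash_equals() compares in constant time and does no type juggling.
    return hash_equals($stored, $computed);
}

// Constructed entries: an MD5-crypt account and a locked one.
$sample = 'web:' . crypt('letmein', '$1$Hlpmlp9i$') . ':13007:0:99999:7:::';
$locked = 'svc:!:13007:0:99999:7:::';

foreach (['foofoofoo', 'letmein'] as $pw) {
    $ok = verify_shadow_password($pw, shadow_hash_for($sample, 'web'));
    echo "web / $pw: ", $ok ? 'good' : 'bad', "\n";
}
$ok = verify_shadow_password('', shadow_hash_for($locked, 'svc'));
echo 'svc / (empty): ', $ok ? 'good' : 'bad', "\n";
```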
