By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,539 Members | 1,289 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,539 IT Pros & Developers. It's quick & easy.

user authentication via /etc/passwd|/etc/shadow

P: n/a
Hi,

I want to write a program where I authenticate users via the standard
unix system accounts. I didn't find a module providing this
functionality. Is there such a module available? If not, how can I
achieve this?

Marco

--
Marco Herrn he***@gmx.net
(GnuPG/PGP-signed and crypted mail preferred)
Key ID: 0x94620736

Jul 18 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
Marco Herrn wrote:
I want to write a program where I authenticate users via the standard
unix system accounts. I didn't find a module providing this
functionality. Is there such a module available? If not, how can I
achieve this?


You need a combination of the pwd and crypt modules. Lookup the name
of the user using the pwd module, and fetch the encrypted password.
Then use crypt.crypt for encryption; use the first two letters of
the encrypted password as the salt.

Be aware that some installations use MD5 passwords, which can be
recognized by starting with $1$ (or some such).

Regards,
Martin

Jul 18 '05 #2

P: n/a
On 2004-04-04, Martin v. Lwis <ma****@v.loewis.de> wrote:
Marco Herrn wrote:
I want to write a program where I authenticate users via the standard
unix system accounts. I didn't find a module providing this
functionality. Is there such a module available? If not, how can I
achieve this?


You need a combination of the pwd and crypt modules.

It seems that the pwd module can only access /etc/passwd. If the
passwords are stored in /etc/shadow, it doesn't work. Is there a way to
access shadow passwords, too?

Marco

--
Marco Herrn he***@gmx.net
(GnuPG/PGP-signed and crypted mail preferred)
Key ID: 0x94620736

Jul 18 '05 #3

P: n/a
Marco Herrn wrote:
It seems that the pwd module can only access /etc/passwd. If the
passwords are stored in /etc/shadow, it doesn't work. Is there a way to
access shadow passwords, too?


No, support for shadow modules is currently not available. You might
want to check out http://python.org/sf/579435 to see whether it helps
you. Comments in this SF patch submission on the usability of the
specific patch are appreciated.

Regards,
Martin

Jul 18 '05 #4

P: n/a
Marco Herrn wrote:
I want to write a program where I authenticate users via the standard
unix system accounts. I didn't find a module providing this
functionality. Is there such a module available? If not, how can I
achieve this?


You can try the python-pam module:

http://ftp.debian.org/debian/pool/ma....2-10.1.tar.gz

Regards,
Dima.
Jul 18 '05 #5

P: n/a
On 2004-04-04, Dima Barsky <di**@debian.org> wrote:
Marco Herrn wrote:
I want to write a program where I authenticate users via the standard
unix system accounts. I didn't find a module providing this
functionality. Is there such a module available? If not, how can I
achieve this?


You can try the python-pam module:

http://ftp.debian.org/debian/pool/ma....2-10.1.tar.gz


Thanks, I will try it.
--
Marco Herrn he***@gmx.net
(GnuPG/PGP-signed and crypted mail preferred)
Key ID: 0x94620736

Jul 18 '05 #6

P: n/a
On 2004-04-04, Martin v. Lwis <ma****@v.loewis.de> wrote:
You need a combination of the pwd and crypt modules. Lookup the name
of the user using the pwd module, and fetch the encrypted password.
Then use crypt.crypt for encryption; use the first two letters of
the encrypted password as the salt.

Be aware that some installations use MD5 passwords, which can be
recognized by starting with $1$ (or some such).


A question to this md5 and sha1 hashed passwords. The python modules for
these are different to the crypt module. Especially there is no salt. So
how would I compare a given password to a given hash? Just rehash the
password? Would the hash always be the same? I thought the salt was
there to improve security.

And how can I distinguish a these hash methods? For example I have a
hash. How do I find out which hash method was used for this? As I have
seen md5 hashs are always 128 bit long. When I have such a hash in hex
form, can I say if that hash string has a length of 32 it is definitely
a md5 hash, a length of 40 indicating a sha hash and a length of 13
indicating a crypt() hash?
And what about the prefix $1$ for md5? When this is available just cut
it off the hash? Are there any other forms of such prefixes?

Sorry for this lot of questions. ;-)
Marco
--
Marco Herrn he***@gmx.net
(GnuPG/PGP-signed and crypted mail preferred)
Key ID: 0x94620736

Jul 18 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.