Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

processing system user login

by rvosa (Curate)
on Feb 26, 2007 at 09:39 UTC ( #602088=perlquestion: print w/replies, xml ) Need Help??

rvosa has asked for the wisdom of the Perl Monks concerning the following question:

Dear monks,

I am looking for a (moderately) portable way of running system user authentication. I thought I understood from the perldocs that the following would work in an ideal world:
use strict; use warnings; my @pwstruct = getpwnam('me'); my $plain = '****'; my $encrypted = $pwstruct[1]; if ( crypt( $plain, $encrypted ) eq $encrypted ) { print "ok"; }
but it neither does on OSX (10.4, intel) nor on x86 red hat (not sure if these are "ideal world") so I guess I misunderstood. What am I missing?

Thank you!

Replies are listed 'Best First'.
Re: processing system user login
by Anno (Deacon) on Feb 26, 2007 at 10:12 UTC
    Most systems don't store the encrypted password in /etc/passwd anymore but move it to a file with stricter access control (often /etc/shadow). In these cases what you get from getpwnam() under a non-privileged account is just a dummy that has nothing to do with the actual user password. Only a user who has access to the shadow file (root) can verify a password using your code. Try running it under root.

    Anno

      Thanks for the reply. On my system, in any case, there is no /etc/shadow - so I guess what I'm looking for is a module that abstracts this a little bit, taking these OS differences into account. Any suggestions?
        Never mind whether it's /etc/shadow or something else, the usual behavior is that getpwnam() retrieves the useless entry from /etc/passwd for non-privileged users and the encryption of the real password for root. Your code is fine. What you need is not a module but sufficient privileges.

        Anno

Re: processing system user login
by almut (Canon) on Feb 26, 2007 at 10:58 UTC

    Why not just print out $encrypted? It should be easy to identify it as either a dummy, or as a proper encrypted string (traditional 13-byte unix crypt, MD5, ...). This way you could verify whether it's simply a permission problem, as Anno said...

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://602088]
Approved by GrandFather
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (7)
As of 2020-11-24 22:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?