http://qs321.pair.com?node_id=602088

rvosa has asked for the wisdom of the Perl Monks concerning the following question:

Dear monks,

I am looking for a (moderately) portable way of running system user authentication. I thought I understood from the perldocs that the following would work in an ideal world:
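    use strict;
    use warnings;

    # Look up the account; element 1 of the returned list is the password field.
    my @pwstruct  = getpwnam('me');
    my $plain     = '****';
    my $encrypted = $pwstruct[1];

    # crypt() takes its salt from the stored value, so a match reproduces it.
    if ( crypt( $plain, $encrypted ) eq $encrypted ) {
        print "ok";
    }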
but it works neither on OS X (10.4, Intel) nor on x86 Red Hat (not sure if these are "ideal world"), so I guess I misunderstood. What am I missing?

Thank you!

Re: processing system user login
by Anno (Deacon) on Feb 26, 2007 at 10:12 UTC
    Most systems don't store the encrypted password in /etc/passwd anymore but move it to a file with stricter access control (often /etc/shadow). In these cases what you get from getpwnam() under a non-privileged account is just a dummy that has nothing to do with the actual user password. Only a user who has access to the shadow file (root) can verify a password using your code. Try running it under root.

    Anno

      Thanks for the reply. On my system, in any case, there is no /etc/shadow - so I guess what I'm looking for is a module that abstracts this a little bit, taking these OS differences into account. Any suggestions?
        Never mind whether it's /etc/shadow or something else, the usual behavior is that getpwnam() retrieves the useless entry from /etc/passwd for non-privileged users and the encryption of the real password for root. Your code is fine. What you need is not a module but sufficient privileges.

        Anno

Re: processing system user login
by almut (Canon) on Feb 26, 2007 at 10:58 UTC

    Why not just print out $encrypted? It should be easy to identify it as either a dummy, or as a proper encrypted string (traditional 13-byte unix crypt, MD5, ...). This way you could verify whether it's simply a permission problem, as Anno said...
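
The check suggested in the replies above, as an added example that is not part of the original thread: it classifies the password field returned by getpwnam() as a dummy or a real hash before crypt() is attempted. The helper names and sample fields are constructed for illustration, and the scheme table covers only the common modular-crypt ids.

```perl
use strict;
use warnings;

# Common modular-crypt scheme ids, as in "$id$salt$hash".
my %SCHEME = ( 1 => 'MD5', 5 => 'SHA-256', 6 => 'SHA-512',
               '2a' => 'bcrypt', '2b' => 'bcrypt', '2y' => 'bcrypt' );

# Say what kind of value sits in the getpwnam() password field.
sub classify_pw_field {
    my ($field) = @_;
    return 'dummy (no value)' if !defined $field || $field eq '';
    if ( $field =~ m{^\$([0-9A-Za-z]+)\$} ) {
        return 'hash (' . ( $SCHEME{$1} || "scheme $1" ) . ')';
    }
    return 'hash (traditional DES crypt)' if $field =~ m{^[./0-9A-Za-z]{13}$};
    return 'dummy (placeholder or locked)';    # e.g. "x", "*", "!!"
}

# Returns 1 or 0 when a real hash was readable, undef when it was not,
# so "wrong password" and "insufficient privileges" stay distinguishable.
sub check_password {
    my ( $user, $plain ) = @_;
    my $field = ( getpwnam($user) )[1];
    return unless classify_pw_field($field) =~ /^hash/;
    my $out = crypt( $plain, $field );    # stored hash doubles as the salt
    return ( defined $out && $out eq $field ) ? 1 : 0;
}

# Constructed sample fields (not real hashes) to show the classification.
for my $sample ( 'x', '*', '********', 'abJnggxhB/yWI',
                 '$1$saltsalt$aaaaaaaaaaaaaaaaaaaaaa' ) {
    printf "%-40s %s\n", $sample, classify_pw_field($sample);
}

# What the current process actually receives for its own account.
my $me = getpwuid($<);
printf "%s: %s\n", $me, classify_pw_field( ( getpwnam($me) )[1] );
```

Run once as an ordinary user and once as root: if the last line changes from a dummy to a hash, the original code was failing for lack of privileges.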