topic Re: Application integrated login in Operating System - HP-UX

Application integrated login

Rui Vilao — Thu, 17 Oct 2002 13:42:53 GMT

Hi all,

I want to align the password check of my application with the passwd file.

Ie the username / password provided by the user should be checked with
the crypted password in /etc/passwd... (customer requirement...)

Is there some built-in tool for this?

Thanks in advance,

Regards,

Rui.

Re: Application integrated login

Darrell Allen — Thu, 17 Oct 2002 14:00:31 GMT

Hi Rui,

Not to my knowledge.

You could code your own verification using makekey. I've wrote some about it in:
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x087e402f24d5d61190050090279cd0f9,00.html

The problem I have with doing this is that you would be reading the user's login password. In my opinion, and for security reasons, no one should know another's password, even the administrator. Of course, the admin could sniff the passwords unless you use ssh. Even that can be broken though.

Darrell

Re: Application integrated login

A. Clay Stephenson — Thu, 17 Oct 2002 14:02:37 GMT

It's fairly simple.

1) Read the existing user's entry in the passwd file and strip off the first two characters. These become the 'salt'.
2) Read the user supplied plaintext password.
3) Call the crypt() function
*newpass = crypt(plaintext,salt);

if (strcmp(newpass,old_passwd) == 0)
{
/* passwords match
}

man getpwnam, getpass, and 3 crypt for details.

You can also do this quite easily in Perl.

Re: Application integrated login

Jean-Louis Phelix — Thu, 17 Oct 2002 14:05:53 GMT

Hello Rui,

The only solution I found was to get the user name and password, the get 2 first 2 chars of the password of this user in /etc/passwd and crypt the entered password using a "salt key" composed of the 2 chars. Example ...

user phelix
password bb

in /etc/password, get the password field (use getpwent in C) :

phelix:6GnuUoFPCmjY6:370:30: Jean-Louis Phelix :/home/phelix:/usr/bin/sh

So here, the ouput of this program should be the same password as in /etc/passwd.

#include
#include
main ()
{
printf("%s\n", crypt("bb","6G"));
}

--> 6GnuUoFPCmjY6

Good luck ...

Jean-Louis.

Re: Application integrated login

Darrell Allen — Thu, 17 Oct 2002 14:14:33 GMT

By the way, if using makekey on a password less than 8 characters, the "padding" character is a "null".

Darrell

Re: Application integrated login

Keith Buck — Sat, 19 Oct 2002 16:59:05 GMT

Use pam_unix(5).

All of the other responses are quite detailed and may actually be easier to implement, but they won't work on a trusted system and they won't properly implement password policies.

pam (pluggable authentication modules) were designed for this.