C programming question: how to verify userid/password on Unix OS (hp or linux)
Hi, Is there any functions that can be used to verify userid/password without worring about whereabouts of the password: /etc/passwd , /etc/shadow or somewhere else?
I am used to use 'getpwent' to do password verification on our HP machine, but when I moved the code to Linux, it didn't work because the encrypted password resides in /etc/shadow instead of /etc/passwd.
Re: C programming question: how to verify userid/password on Unix OS (hp or linux)
Hello Liping,
not sure if there is a way to avoid putting some logic about the passwd location into the program, but using fgetpwent and/or the shadow routines (man shadow) you should be able to get at the data you need.
Re: C programming question: how to verify userid/password on Unix OS (hp or linux)
When doing it from a shell script, you could do it with su: su -c /bin/true
The problem with doing it from a C-program is that the encrypted passwd is not accessible for normal users, only root, on systems using the /etc/shadow (linux/solaris) or trusted (hp-ux) environments.
So, even if you do program it correctly, you have to have root privileges to make it work... meaning a new possible security hole. You might, of course, try the system command to start the su line like in a shell script. That should work...
Every problem has at least one solution. Only some solutions are harder to find.
