C programming question: how to verify userid/password on Unix OS (hp or linux)

liping guo · ‎12-23-2003

Hi,
Is there any functions that can be used to verify userid/password without worring about whereabouts of the password: /etc/passwd , /etc/shadow or somewhere else?

I am used to use 'getpwent' to do password verification on our HP machine, but when I moved the code to Linux, it didn't work because the encrypted password resides in /etc/shadow instead of /etc/passwd.

Any help is highly appreciated!

Liping

Martin P.J. Zinser · ‎12-23-2003

Hello Liping,

not sure if there is a way to avoid putting some logic about the passwd location into the
program, but using fgetpwent and/or the shadow
routines (man shadow) you should be able to get at the data you need.

Greetings, Martin

Elmar P. Kolkman · ‎12-30-2003

When doing it from a shell script, you could do it with su:
su -c /bin/true

The problem with doing it from a C-program is that the encrypted passwd is not accessible for normal users, only root, on systems using the /etc/shadow (linux/solaris) or trusted (hp-ux) environments.

So, even if you do program it correctly, you have to have root privileges to make it work... meaning a new possible security hole. You might, of course, try the system command to start the su line like in a shell script. That should work...

Every problem has at least one solution. Only some solutions are harder to find.

Laurent Menase · ‎12-30-2003

Hi
There is pam Pluggable Authentication Module

C programming question: how to verify userid/password on Unix OS (hp or linux)

C programming question: how to verify userid/password on Unix OS (hp or linux)

Re: C programming question: how to verify userid/password on Unix OS (hp or linux)

Re: C programming question: how to verify userid/password on Unix OS (hp or linux)

Re: C programming question: how to verify userid/password on Unix OS (hp or linux)

Hewlett Packard Enterprise International