HPE Community
Operating System - HP-UX
1833869 Members
1627 Online
110063 Solutions
New Discussion

Re: api's in php/perl which would change passwd of user

 
Deepak_5
Advisor

‎09-13-2001 07:47 AM

‎09-13-2001 07:47 AM

api's in php/perl which would change passwd of user

Hi,

Are there api's in php/perl which would change
the /etc/passwd of user. This user log's in on
the web page. The web page has login and passwd and ability to change the passwd as well.
And authentication has to be only on /etc/passwd file.
The requirement is strictly on php and perl, no C programs which uses api's like getpwent/putpwent.
Any help on this will be appreciated.
Any sample code/site,etc.

Thanks and Regards
Deepak

0 Kudos
Reply
2 REPLIES 2
Bryan Backer
New Member

‎09-13-2001 04:26 PM

‎09-13-2001 04:26 PM

Re: api's in php/perl which would change passwd of user

Deepak,

I have not performed the exact task you're
asking about, but here are some items you
may find useful.

You've probably noticed already that perl
provides a set of functions such as
getpwent/setpwent

Assuming you're using a recent version of perl5, check out
perldoc -f getpwent
or
perldoc -f setpwent
for a list.


There are also perl5 modules at CPAN related to
the passwd file:

http://search.cpan.org/search?mode=module&query=passwd


Depending upon your setup and the required level
of security, you might want to consider the following:

http://httpd.apache.org/docs/misc/FAQ-G.html#passwdauth

before mixing unix and web based password authentication.

One other note -- webmin is a web based program
that can update/modify /etc/passwd and might
either perform the function for you or show you
how yourself:

http://www.webmin.com/webmin

From the Webmin README:

"Webmin Version 0.84
-------------------
Webmin is a web-based interface for
system administration for Unix. Using
any browser that supports tables and
forms, you can setup user accounts,
Apache, internet services, DNS, file
sharing and so on.

Webmin consists of a simple web server,
and a number of CGI programs which
directly update system files like
/etc/inetd.conf and /etc/passwd. The
web server and all CGI programs are
written in Perl version 5, and use only
the standard perl modules."

You can get an apache with webmin from
http://www.hp.com/products1/unix/webservers/apache/downloads/index.html

Hope that helps,

Bryan
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎09-13-2001 05:55 PM

‎09-13-2001 05:55 PM

Re: api's in php/perl which would change passwd of user

Hi:

Unfortunately, Perl's getpwent() function knows nothing about the pw_age field. If you need to worry about passwd aging and minimum time before a user can change his passwd or those which can only be changed by root, Perl's functions won't do the job. You would be better off to create your own routines. Fortunately, you do have perl's crypt function which will test the old passwd and create a new passwd for you. You need to grab the first 2 chars or the old passwd as 'salt' to supply to the crypt function. You will also need to create a random 2-char salt value based upon the character set ./[0-9][A-Z][a-z] when you call crypt for creating the new passwd hash.
Everything you need is actually in place crypt(), srand(),rand(),int() to do the passwd hashing. If you want to do this in an NIS environment or a trusted environment, things get more complicated. I suggest you look at www.perl.org/CPAN and search for passwd. You will find quite a few modules.

Regards, Clay
If it ain't broke, I can fix that.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.