Operating System - HP-UX

Application integrated login

 
SOLVED
Rui Vilao
Regular Advisor

Application integrated login

Hi all,

I want to align the password check of my application with the passwd file.

I.e. the username / password provided by the user should be checked with
the crypted password in /etc/passwd... (customer requirement...)

Is there some built-in tool for this?

Thanks in advance,

Regards,

Rui.
"We should never stop learning"_________ rui.vilao@rocketmail.com
5 REPLIES 5
Darrell Allen
Honored Contributor
Solution

Re: Application integrated login

Hi Rui,

Not to my knowledge.

You could code your own verification using makekey. I've written some about it in:
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x087e402f24d5d61190050090279cd0f9,00.html

The problem I have with doing this is that you would be reading the user's login password. In my opinion, and for security reasons, no one should know another's password, even the administrator. Of course, the admin could sniff the passwords unless you use ssh. Even that can be broken though.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
A. Clay Stephenson
Acclaimed Contributor

Re: Application integrated login

It's fairly simple.

1) Read the existing user's entry in the passwd file and strip off the first two characters. These become the 'salt'.
2) Read the user supplied plaintext password.
3) Call the crypt() function:

char *newpass = crypt(plaintext, salt);

if (strcmp(newpass, old_passwd) == 0)
{
    /* passwords match */
}

man getpwnam, getpass, and 3 crypt for details.

You can also do this quite easily in Perl.

If it ain't broke, I can fix that.
Jean-Louis Phelix
Honored Contributor

Re: Application integrated login

Hello Rui,

The only solution I found was to get the user name and password, then get the first 2 chars of the password of this user in /etc/passwd and crypt the entered password using a "salt key" composed of the 2 chars. Example ...

user phelix
password bb

in /etc/passwd, get the password field (use getpwent in C) :

phelix:6GnuUoFPCmjY6:370:30: Jean-Louis Phelix :/home/phelix:/usr/bin/sh

So here, the output of this program should be the same password as in /etc/passwd.

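#include <stdio.h>
#include <unistd.h>   /* declares crypt(); some systems use <crypt.h> instead */

int main(void)
{
    /* Hash the entered password "bb" with the salt "6G" from the stored field */
    printf("%s\n", crypt("bb", "6G"));
    return 0;
}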

--> 6GnuUoFPCmjY6

Good luck ...

Jean-Louis.
It works for me (© Bill McNAMARA ...)
Darrell Allen
Honored Contributor

Re: Application integrated login

By the way, if using makekey on a password less than 8 characters, the "padding" character is a "null".

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Keith Buck
Respected Contributor

Re: Application integrated login

Use pam_unix(5).

All of the other responses are quite detailed and may actually be easier to implement, but they won't work on a trusted system and they won't properly implement password policies.

PAM (pluggable authentication modules) was designed for this.
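
Added example (not code from any reply in this thread): a C version of the crypt()-based check described in the replies above that also refuses password fields holding no 13-character hash, which is the trusted-system case raised in the last reply. The names check_password, hash_fn, demo_hash and the PW_* codes are hypothetical; demo_hash is a constructed stand-in for crypt(3) so the file builds without libcrypt, and the handling of a ",aging" suffix assumes the classic passwd(4) field layout.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); real code passes crypt itself. */
typedef char *(*hash_fn)(const char *key, const char *salt);
enum { PW_MATCH = 0, PW_MISMATCH = 1, PW_UNVERIFIABLE = 2 };

/* Compare n bytes without stopping at the first difference. */
static int same_bytes(const char *a, const char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* pw_field is the passwd password field, e.g. pw_passwd from getpwnam(). */
int check_password(const char *pw_field, const char *plaintext, hash_fn hash)
{
    char salt[3] = { 0 };

    if (pw_field == NULL || plaintext == NULL)
        return PW_UNVERIFIABLE;
    /* Assumption: optional ",aging" data may follow the hash (classic passwd(4)).
       "", "*", "x" or any field without a 13-char hash cannot be checked here
       (trusted or shadowed systems keep the hash elsewhere): fail closed. */
    if (strcspn(pw_field, ",") != 13)
        return PW_UNVERIFIABLE;
    memcpy(salt, pw_field, 2);            /* salt = first two chars of the hash */
    const char *computed = hash(plaintext, salt);
    if (computed == NULL || strlen(computed) != 13)
        return PW_MISMATCH;               /* hashing failed: never treat as match */
    return same_bytes(computed, pw_field, 13) ? PW_MATCH : PW_MISMATCH;
}

/* Constructed stand-in for crypt(3) so the file links without libcrypt. It
   knows only the thread's pair ("bb", "6G") and returns filler otherwise. */
static char *demo_hash(const char *key, const char *salt)
{
    static char out[14];
    int hit = strcmp(key, "bb") == 0 && strcmp(salt, "6G") == 0;
    snprintf(out, sizeof out, "%s", hit ? "6GnuUoFPCmjY6" : "xxxxxxxxxxxxx");
    return out;
}

int main(void)
{
    printf("%d\n", check_password("6GnuUoFPCmjY6", "bb", demo_hash));
    return 0;
}
```

In real use, pass crypt from <unistd.h> as the hash argument (link with -lcrypt where the platform needs it). PW_UNVERIFIABLE marks the point where a PAM-based check would have to take over.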