Verifying a User Password - calling crypt() - Unix

This is a discussion on Verifying a User Password - calling crypt() - Unix ; Hi, I'm writing a function which is supposed to simply verify a username and password against the /etc/passwd file. I'm sure I did this many years ago by calling the encrypt() function on the the user's password and comparing the ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Verifying a User Password - calling crypt()

  1. Verifying a User Password - calling crypt()


    Hi,

    I'm writing a function which is supposed to simply verify a username
    and password against the /etc/passwd file. I'm sure I did this many
    years ago by calling the encrypt() function on the the user's password
    and comparing the result with the corresponding one read from
    /etc/passwd. I recall that the encrypt function required a salt value
    which was the password read from the /etc/passwd.

    I'm calling encrypt() with the user's password as the salt and I'm
    getting back a different password as the result. I've even tried using
    the first two characters of the user's password as the salt but to no
    avail.

    I'm using AIX version 5.

    Can anyone explain this or suggest some suitable code that will do the
    job?

    Thanks


    --
    phykell
    ------------------------------------------------------------------------
    phykell's Profile: http://fantasticunix.com/forum/member.php?userid=69
    View this thread: http://fantasticunix.com/forum/showthread.php?t=508894


  2. Re: Verifying a User Password - calling crypt()

    phykell wrote:

    > I'm writing a function which is supposed to simply verify a username
    > and password against the /etc/passwd file. I'm sure I did this many
    > years ago by calling the encrypt() function on the the user's password
    > and comparing the result with the corresponding one read from
    > /etc/passwd. I recall that the encrypt function required a salt value
    > which was the password read from the /etc/passwd.


    Do you mean crypt instead of encrypt? Can't you use PAM instead?

  3. Re: Verifying a User Password - calling crypt()


    Marc;2606533 Wrote:
    > phykell wrote:
    >
    > > I'm writing a function which is supposed to simply verify a username
    > > and password against the /etc/passwd file. I'm sure I did this many
    > > years ago by calling the encrypt() function on the the user's

    > password
    > > and comparing the result with the corresponding one read from
    > > /etc/passwd. I recall that the encrypt function required a salt

    > value
    > > which was the password read from the /etc/passwd.

    >
    > Do you mean crypt instead of encrypt? Can't you use PAM instead?

    Sorry, yes it's "crypt()". I believe the issue is that the password
    information was written by a custom application that someone's just
    mentioned! I think I should be OK now as I can look at that code. I was
    just confused because I've done this before and just expected it to be
    the same as years ago but things always change I guess!

    I've never used PAM (I've come back to UNIX after a very long time!)
    but it sounds interesting from the brief look I've just had. I'll take a
    look at that as well - thanks.


    --
    phykell
    ------------------------------------------------------------------------
    phykell's Profile: http://fantasticunix.com/forum/member.php?userid=69
    View this thread: http://fantasticunix.com/forum/showthread.php?t=508894


  4. Re: Verifying a User Password - calling crypt()

    On Aug 12, 6:41 am, phykell mx.forums.yourdomain.com.au> wrote:

    > Can anyone explain this or suggest some suitable code that will do the
    > job?


    The source code here is an easy hack:
    http://echelon.pl/pubs/poppassd.php

    Kevin P. Barry

+ Reply to Thread