crypt() is smart enough to know about getting the salt out of the crypted password.

You can try something along these lines:

...

my $pass = (getpwnam($login))[1];

if (crypt($password, $pass) eq $pass) {

  ## The user supplied the correct password

}
else {

  ## The user supplied a wrong password

}

...
[download]

Which I think is considerably simpler and more portable. The code snippet you supplied will not work when the crypt() function in your system does not use a DES-based transformation.

If you need support for other crypt() methods (MD5 or Apache), I suggest you take a look at Crypt::Passwd*

Good luck.