in reply to Re: Re: Re: Using Unix passwd/shadow to authenticate in perl
in thread Using Unix passwd/shadow to authenticate in perl

OK, I'm confused. So if I use the AUTHEN::PAM module, I will or won't be able to authenticate users from a CGI script based on their UNIX account/password pairs? I don't actually care about direct access to the shadow file, as long as I can make those authentications...
  • Comment on Re: Re: Re: Re: Using Unix passwd/shadow to authenticate in perl

Replies are listed 'Best First'.
Re: Re: Re: Re: Re: Using Unix passwd/shadow to authenticate in perl
by abell (Chaplain) on Sep 27, 2003 at 10:31 UTC

    Yes you can. Try with the following, which is a cleaned-up version of my previous post: 

    #!/usr/bin/perl -w

#------------------------------------------------------------
# Usage: pwdcheck login password
#------------------------------------------------------------

use strict;
use Authen::PAM;

#----------------------------------------
# isValid ( user, pass ))
# check whether the user/pass combo is valid
#----------------------------------------
sub isValid {
    my ( $login, $pass ) = @_;
    my $pamh;
    pam_start( "passwd", $login,
           sub { ( ( 0, $pass ) x (@_/2), PAM_SUCCESS() ) },
           $pamh );
    my $res = pam_authenticate($pamh) == PAM_SUCCESS();
    pam_end($pamh);
    return $res;
}

my ( $login, $pass ) = @ARGV;
print isValid ( $login, $pass );

    [download]
    As you can see, by invoking it as unprivileged user as script username password it prints 1 if the login/pass combo is a valid (unix) one, while it waits a couple of seconds and exits silently otherwise. You can use the isValid function in your cgi script without needing root privileges.

    Cheers

    Antonio


    The stupider the astronaut, the easier it is to win the trip to Vega - A. Tucket
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom