in reply to Re: Re: Re: Re: Using Unix passwd/shadow to authenticate in perl
in thread Using Unix passwd/shadow to authenticate in perl

Yes you can. Try with the following, which is a cleaned-up version of my previous post: 

#!/usr/bin/perl -w

#------------------------------------------------------------
# Usage: pwdcheck login password
#------------------------------------------------------------

use strict;
use Authen::PAM;

#----------------------------------------
# isValid ( user, pass ))
# check whether the user/pass combo is valid
#----------------------------------------
sub isValid {
    my ( $login, $pass ) = @_;
    my $pamh;
    pam_start( "passwd", $login,
           sub { ( ( 0, $pass ) x (@_/2), PAM_SUCCESS() ) },
           $pamh );
    my $res = pam_authenticate($pamh) == PAM_SUCCESS();
    pam_end($pamh);
    return $res;
}

my ( $login, $pass ) = @ARGV;
print isValid ( $login, $pass );

[download]
As you can see, by invoking it as unprivileged user as script username password it prints 1 if the login/pass combo is a valid (unix) one, while it waits a couple of seconds and exits silently otherwise. You can use the isValid function in your cgi script without needing root privileges.

Cheers

Antonio


The stupider the astronaut, the easier it is to win the trip to Vega - A. Tucket

In Section Seekers of Perl Wisdom