See perlfunc:crypt which has sample code to do exactly what you want. I have used it and it does work.
I would recommend you look into ssh forced commands if you are going to litter (pass-phrase less) keys to roots account around the place (or keys with the pass-phrase embedded in the script). At least that way if someone Ownz the box with the key they can only run the command you allow, although being able to reset passwords is bad enough! Make sure the forced command can only reset the password for allowed accounts- allow by uid range for example. Turn taint mode on for your forced command as well (-wT). Definately do NOT allow roots password to be reset this way! :)
I have used perl with open2 /open3 to the system ssh to send data across the network, open2/3 allows you to talk to stdin/stdout at the same time and passed parameters aren't visible from a local ps. Works well and you don't have to keep two versions of ssh (system & perls) up to date with security fixes.
I still think it is a bad idea though, it sounds like what you really need is NIS or LDAP. Your script then only needs admin privilege to NIS/LDAP and not to root.
Hope this helps
--
my $chainsaw = 'Perl';
In reply to Re: Testing A users's unix password with perl
by greenFox
in thread Testing A users's unix password with perl
by cfreak
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |