vaevictus has asked for the wisdom of the Perl Monks concerning the following question:

What is the most appropriate way to check whether a given password authenticates in a linux system using shadow passwords and md5?
I'm trying to write a program and need the user to verify themselves with their passwords, but I don't know how to check the passwords they give me.

Replies are listed 'Best First'.
Re: Md5 password authentication
by little (Curate) on Nov 13, 2000 at 06:57 UTC
    You might consult one of merlyn's columns for webtechniques.com to get a lot of answers about that topic.

    Have a nice day
    All decision is left to your taste
[reply]
Re: Md5 password authentication
by neophyte (Curate) on Nov 13, 2000 at 17:55 UTC
    You might want to look at shadow passwd for some info as well.

    neophyte

[reply]
                use Crypt::PasswdMD5;

          sub my_md5_crypt {
          my $salt;

          for(0..7) {
              $salt .= ('.', '/', 0..9, 'A'..'Z','a'..'z')[rand 64];
          }
          my $pass = shift; #clear text password

          return unix_md5_crypt($pass, '$1$' . $salt . '$');
          }

      [download]
      I've tried this, but I get different results when i put in the password and the given salt... They don't match up to the results in the main section.
[reply]
[d/l]
Re: Md5 password authentication
by vaevictus (Pilgrim) on Nov 13, 2000 at 23:16 UTC
    after putting the hurt down on some code and realizing that i mistyped my salt during my initial trials... final working code: 
    use Crypt::PasswdMD5;
my $pass ="foobar";
my $salt="M0au29mc";
print unix_md5_crypt($pass, $salt);

    [download]
    OH MY! was that difficult... feel free to make fun of me beyond this point. :)
[reply]
[d/l]

Back to Seekers of Perl Wisdom