wayloud has asked for the wisdom of the Perl Monks concerning the following question:

I am going nuts trying to figure this out. All I want to do is write a very small tool that will accept a userid and a given password as command line arguments, and return "true" if they match what the system has, or "false" if not. This is on FreeBSD so I am accessing an /etc/passwd file. All the searching and sites I have found thus far deal with Apache and protecting directories. I don't want any of that. I want something that can be called from the command line and trap the return code to verify if the supplied username and password are correct. Anyone have any good ideas?

Re: Simple password verification
by Tanktalus (Canon) on Mar 10, 2005 at 01:16 UTC

    First off, your /etc/passwd probably doesn't have passwords. If it does, check User::pwent - it can get the password field. Then check crypt - the idea is to take the password from the command line, crypt it using the password you got from User::pwent, and see if the output is still the password you got from User::pwent.

    However, more likely /etc/passwd doesn't have passwords. Then you need to do things that may not even be allowed without root privileges. And we're looking at a whole new can o' worms with this.

    Note also that passing in passwords on the command line is incredibly unsafe. During the execution of your command, someone else (even someone who isn't root) could run "ps" and see your command line and now know your password (or your attempt). Don't do that. It's worth the effort to learn to use Term::ReadKey to turn off echoing, and query the password from the user interactively.

Re: Simple password verification
by derby (Abbot) on Mar 10, 2005 at 12:54 UTC
Re: Simple password verification
by Anonymous Monk on Mar 10, 2005 at 13:11 UTC
    On most modern Unix systems, you need super user privs to be able to do that. Encrypted passwords are stored in /etc/shadow, which has a 0400 permission. I would create a small C program doing the testing (reading the password from a file descriptor - stdin will do fine) using exit to do the success/failure checking. Install the binary suid root.
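Putting Tanktalus's and Anonymous Monk's suggestions together (User::pwent plus crypt for the check, Term::ReadKey so the password never goes on the command line, and an exit status the caller can trap), here is an added example script that is not from any of the replies above. It assumes it runs with enough privilege to read the stored hash; on FreeBSD, getpwnam() hands back '*' in the password field unless you are root, and the script treats that as a failure rather than a match.

```perl
#!/usr/bin/env perl
# Added example (not from the thread): verify a user's password against the
# system's stored hash. Only the username is taken from the command line.
use strict;
use warnings;
use User::pwent;      # getpwnam() now returns an object with ->passwd
use Term::ReadKey;    # ReadMode('noecho') keeps the password out of `ps`

my $user = shift @ARGV or die "usage: $0 username\n";

my $pw = getpwnam($user) or exit_false("no such user: $user");
my $hash = $pw->passwd;

# '*' or '!' (or an empty field) means the hash is locked or unreadable by
# this process (on FreeBSD: not running as root). Never treat that as a match.
exit_false("no usable password hash for $user (are you root?)")
    if $hash eq '' || $hash =~ /^[*!]/;

print STDERR "Password: ";
ReadMode('noecho');
my $given = ReadLine(0);
ReadMode('restore');
print STDERR "\n";
exit_false("no password given") unless defined $given;
chomp $given;

# crypt() takes the stored hash as its salt argument, so it reuses whatever
# scheme and parameters the system chose (DES, MD5, SHA-512, bcrypt, ...);
# the output equals the stored hash only when the password is correct.
my $ok = crypt($given, $hash) eq $hash;

print $ok ? "true\n" : "false\n";
exit($ok ? 0 : 1);    # 0 = match, 1 = no match, for callers that test $?

sub exit_false {
    my ($why) = @_;
    warn "$why\n";
    print "false\n";
    exit 1;
}
```

Run it as `./checkpw.pl alice` and test `$?`; the "true"/"false" line is only a convenience for a human reading the output.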