Loading ...
Sorry, an error occurred while loading the content.

[PBML] Re: Methods To Login Unix

Expand Messages
  • Dan Boger
    On Fri, 07 Jan 2000 12:03:26 +0800 CN Liu wrote ... well, I can give you part of the solution - look at the crypt function: (snip from
    Message 1 of 4 , Jan 7, 2000
    • 0 Attachment
      On Fri, 07 Jan 2000 12:03:26 +0800 CN Liu <cn@...> wrote
      concerning '[PBML] Methods To Login Unix':
      > Now, this is what I would like to achieve:
      > I have some HTML documents serviced by Apache httpd. Some of these
      > documents are to be accessed only by the users who also appear in
      > /etc/passwd. So, I will write a Perl script which first sends a HTML
      > form prompting user's login id and password. Having received the
      > userid/password pair entered by the user, in one way or another, the
      > Perl script then matches this userid/password on /etc/passwd &
      > /etc/shadow. If the matching succeeds, then those restricted HTML
      > documents are sent to browser by Perl script.

      well, I can give you part of the solution - look at the crypt
      function:

      (snip from 'perldoc -f crypt`):

      $pwd = (getpwuid($<))[1];

      system "stty -echo";
      print "Password: ";
      chomp($word = <STDIN>);
      print "\n";
      system "stty echo";

      if (crypt($word, $pwd) ne $pwd) {
      die "Sorry...\n";
      } else {
      print "ok\n";
      }

      which works quite well. Even with shadow files, since the getpwuid
      call is privilaged, I guess? just be aware, the sending password
      unencrypted over HTTP is a very very bad thing (TM).

      Hope that gives you a lead,

      Dan

      Dan Boger - Georgetown Institute for Cognitive and Computational Sciences
      dan@... ICQ: 1130750
      Georgetown University Medical Center Washington, DC
    • CN Liu
      ... Hello! Dan, The direction you gave me is very very helpful to me. It is almost the exact solution I need. The last, I hope, bottleneck I have is that
      Message 2 of 4 , Jan 10, 2000
      • 0 Attachment
        >
        > well, I can give you part of the solution - look at the crypt
        > function:
        >
        > (snip from 'perldoc -f crypt`):
        >
        > $pwd = (getpwuid($<))[1];
        >
        > system "stty -echo";
        > print "Password: ";
        > chomp($word = <STDIN>);
        > print "\n";
        > system "stty echo";
        >
        > if (crypt($word, $pwd) ne $pwd) {
        > die "Sorry...\n";
        > } else {
        > print "ok\n";
        > }
        >
        > which works quite well. Even with shadow files, since the getpwuid
        > call is privilaged, I guess? just be aware, the sending password
        > unencrypted over HTTP is a very very bad thing (TM).
        >
        Hello! Dan,

        The direction you gave me is very very helpful to me. It is almost the
        exact solution I need. The last, I hope, bottleneck I have is that
        function getpwuid does not return the password field in /etc/shadow.
        Instead, it returns "x" from /etc/passwd:

        #!/usr/local/bin/perl
        $pwd = (getpwuid($<))[1];
        print "===",$pwd,"===\n";
        ($name,$passwd,$gid,$members) = getgr*
        print "===",$passwd,"===\n";
        $pwd = (getpwuid(0))[1];
        print "===",$pwd,"===\n";

        Its output is:

        ===x===
        ======
        ===x===

        Best Regards,

        CN
      • Dan Boger
        On Mon, 10 Jan 2000 17:08:47 +0800 CN Liu wrote ... sorry, my mistake - it was working for me cause of our yp server. To be able to
        Message 3 of 4 , Jan 10, 2000
        • 0 Attachment
          On Mon, 10 Jan 2000 17:08:47 +0800 CN Liu <cn@...> wrote
          concerning '[PBML] Re: Methods To Login Unix':
          > The direction you gave me is very very helpful to me. It is almost the
          > exact solution I need. The last, I hope, bottleneck I have is that
          > function getpwuid does not return the password field in /etc/shadow.
          > Instead, it returns "x" from /etc/passwd:
          >
          > #!/usr/local/bin/perl
          > $pwd = (getpwuid($<))[1];
          > print "===",$pwd,"===\n";
          > ($name,$passwd,$gid,$members) = getgr*
          > print "===",$passwd,"===\n";
          > $pwd = (getpwuid(0))[1];
          > print "===",$pwd,"===\n";
          >
          > Its output is:
          >
          > ===x===
          > ======
          > ===x===
          >

          sorry, my mistake - it was working for me cause of our yp server. To
          be able to read the shadow password, you have to run a privilaged
          process - that's the whole point of having shadow passwords. I don't
          know how you'd be able to authunticate as a non root in a shadow
          environment.

          Anyone else has ideas?

          Dan
        Your message has been successfully submitted and would be delivered to recipients shortly.