O. Wyss
--
See a huge pile of work at " http://wyodesktop.sourceforge.net/"
Otto Wyss wrote:
| I'm writing my own login application and have figured out how to
| retrieve the current login (getlogin) or the password file (getpwent)
| but I haven't found well the rest. ;-) Could anyone give me some hints
| for names I can look up?
You've almost got everything you need for classical passwords (/etc/passwd
passwords). You're missing crypt(3) and strcmp(3). See passwd(5) for some details.
The first two characters of the encrypted password (retrieved by getpwent()
are the crypt(3) 'salt' used to create the encrypted password.
Shadow passwords (/etc/shadow) are different. If the classical password is a
single byte string "x", then you'll want shadow(5) and getspent(3)
Finally, if you're using PAM, then I can't help you at all.
- --
Lew Pitcher
Master Codewright & JOAT-in-training | GPG public key available on request
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAtT7jagVFX4UWr64RAjerAJ9b8jHx53D1ZJyJ4lKjxSn0g0OJiACgjpja
JFNTK3jD2RHCz3dCFuLBqHE=
=36Ti
-----END PGP SIGNATURE-----
I have a bit of example code here:
http://www.daimi.au.dk/~kasperd/comp.os.linux.development.faq.html#crypt
>
> The first two characters of the encrypted password (retrieved by getpwent()
> are the crypt(3) 'salt' used to create the encrypted password.
Two characters for DES based passwords. The MD5 based
passwords use a longer salt. But you don't even need
to know about that to verify a password.
>
> Shadow passwords (/etc/shadow) are different. If the classical password is a
> single byte string "x", then you'll want shadow(5) and getspent(3)
And actually the source of the password and the coding
are orthogonal.
>
> Finally, if you're using PAM, then I can't help you at all.
I can't help either except from the URL above which
also contains a link to a bit of PAM documentation.
--
Kasper Dupont -- der bruger for meget tid paa usenet.
For sending spam use kas...@kd.lir.dk and ab...@kd.lir.dk
I'd rather be a hammer than a nail.
Kasper Dupont wrote:
> Lew Pitcher wrote:
[snip]
>>The first two characters of the encrypted password (retrieved by getpwent()
>>are the crypt(3) 'salt' used to create the encrypted password.
>
> Two characters for DES based passwords. The MD5 based
> passwords use a longer salt. But you don't even need
> to know about that to verify a password.
I hadn't thought about it that way.
No doubt that you can pass crypt() a pointer to the old encrypted password as
the 'salt' value, and let crypt() pick out the salt characters. That way, you
don't even care how long the salt should be as crypt() uses what it needs.
Well, I learn something new every day ;-)
Thanks!
[snip]
- --
Lew Pitcher
IT Consultant, Enterprise Application Architecture,
Enterprise Technology Solutions, TD Bank Financial Group
(Opinions expressed are my own, not my employers')
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
iD8DBQFAteFsagVFX4UWr64RAoGIAKDdS0C1GpEcD8nhRYDb5cCbVKtCugCaA0v9
SJwrnn8Jb0W10jXTDxN5G/A=
=XUQx
-----END PGP SIGNATURE-----
Kasper Dupont wrote:
| Lew Pitcher wrote:
|
|>You've almost got everything you need for classical passwords (/etc/passwd
|>passwords). You're missing crypt(3) and strcmp(3). See passwd(5) for some
details.
|
|
| I have a bit of example code here:
| http://www.daimi.au.dk/~kasperd/comp.os.linux.development.faq.html#crypt
|
|
|>The first two characters of the encrypted password (retrieved by getpwent()
|>are the crypt(3) 'salt' used to create the encrypted password.
|
|
| Two characters for DES based passwords. The MD5 based
| passwords use a longer salt. But you don't even need
| to know about that to verify a password.
|
|
|>Shadow passwords (/etc/shadow) are different. If the classical password is a
|>single byte string "x", then you'll want shadow(5) and getspent(3)
|
|
| And actually the source of the password and the coding
| are orthogonal.
The observation was meant more as a guide that, for a system that uses shadow
passwords, the OP couldn't compare the encrypted getpwent() password to the
encrypted getpass() password. Instead, the OP would have to be sensitive to
the contents of the getpwent() password, and if it consisted of the string
"x", compare against the getspent() password instead.
- --
Lew Pitcher
Master Codewright & JOAT-in-training | GPG public key available on request
Registered Linux User #112576 (http://counter.li.org/)
Slackware - Because I know what I'm doing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAtrTfagVFX4UWr64RAugxAKCnQI6EXDIP3Ekl/JHi9FjX7mF8KgCfYZZU
tZ/RPAeMxkr54Y4Gbk+2s8k=
=R6sm
-----END PGP SIGNATURE-----
OK, that makes sense. But I guess if you use PAM you
wouldn't even have to worry about that. This is
something PAM should take care of. (I don't know much
about PAM though).
> (I don't know much about PAM though).
Who does? It has always been rather misty to me, but I must confess I have
always been too lazy/busy to read Sun's documentation about it (as in
http://www.sun.com/blueprints/0902/816-7669-10.pdf and
http://www.sun.com/blueprints/1002/816-7670-10.pdf for Solaris 9). One day,
maybe ...
Bye, Dragan
--
Dragan Cvetkovic,
To be or not to be is true. G. Boole No it isn't. L. E. J. Brouwer
!!! Sender/From address is bogus. Use reply-to one !!!
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Kasper Dupont wrote:
>
> > Lew Pitcher wrote:
> [snip]
Thanks for all the suggestions, now I've a lot to look through.