Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How can I check that a password is correct?
Top Forums Shell Programming and Scripting How can I check that a password is correct? Post 302285970 by chebarbudo on Tuesday 10th of February 2009 03:41:27 AM
Old 02-10-2009
Hi pludi,
It took me a while to understand your "chinese". Sorry, I'm not a real pro.
Hi rmuledeer and thanks for your help as well.

Actually, the salt must only be part of the hashed password. The following shows that without salt, the hash is "random" but if you provide a specific one, you get the same hash.
Code:
ks354286:~# pw=$(mkpasswd -H md5 topsecret); echo $pw
$1$v2CxH4iz$T/186EWGfcqq9hXOpWKvv1
ks354286:~# pw=$(mkpasswd -H md5 topsecret); echo $pw
$1$akgRfAM.$4vlNIo233jQVM2jc989Ss/
ks354286:~# pw=$(mkpasswd -H md5 -S ${pw:3:8} topsecret); echo $pw
$1$akgRfAM.$4vlNIo233jQVM2jc989Ss/

Now, here is what I found to check someone's password (you must be root or have sudo powers):
Code:
ks354286:~# user=foo
ks354286:~# password=topsecret
ks354286:~# hpw=$(grep "^$user:" /etc/shadow | cut -d ':' -f 2)
ks354286:~# grep -q "^$user:$(mkpasswd -H md5 -S ${hpw:3:8} $password)" /etc/shadow && echo OK || echo 'Denied!'
OK
ks354286:~#
ks354286:~# password=notsosure
ks354286:~# hpw=$(grep "^$user:" /etc/shadow | cut -d ':' -f 2)
ks354286:~# grep -q "^$user:$(mkpasswd -H md5 -S ${hpw:3:8} $password)" /etc/shadow && echo OK || echo 'Denied!'
Denied!

So far, so good. The problem is that I'm trying to create a web interface to allow users to change their password. Why?
1) They don't know what unix is and would not be able to change it through the shell (they don't even have access to it).
2) But they use several services that rely on their unix account
It's a small group of people that I know and they just tell me their password but I'd like this to be more confidential.

So I have my script that checks a password before changing it. But it must be executed as root and the web page is www-data. Any idea to work around this?
1) Let www-data store the form (username, oldpassword, newpassword) in a file and run a cron every minute so root can apply the changes (dumb eh!)
Problem1: The password lays uncrypted during 30 seconds.
Problem2: I cannot warn the user if he has entered an incorrect oldpassword.
2) Give www-data superpowers (dumber?)

Any other idea?
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Check for the correct date format in UNIx

Hi All, I am getting two input from User for Date from the command prompt when my script is executed . The date format i am taking is : DD-MM-YYYY so is there any method in Unix to validate the two input date. There might be many cases for these two date to be invalid.... (1 Reply)
Discussion started by: rawatds
1 Replies

2. Shell Programming and Scripting

WORD SEARCH - CHECK IF CORRECT!

Im currently working on a Script using PICO editor, the scripts purpose is : When you typed a certain "word" and press enter, All directories, Script, and any other files that contain that "word" will be displayed.. for example i typed "DOG".. all executable script, Directories, and any other... (3 Replies)
Discussion started by: jenimesh19
3 Replies

3. Homework & Coursework Questions

Word Search: Can you please check if this is correct. thanks!

Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted! 1. The problem statement, all variables and given/known data: Im currently doing a search command.. for example , when i typed a certain word , lets say "DOG".. all... (7 Replies)
Discussion started by: jenimesh19
7 Replies

4. Shell Programming and Scripting

Check my script and correct the find command if wrong

Hello All, Here I am trying to find all the directories whose name starts with EFS or HOTFIX like in below example and below is my code but I don’t know why this is not working correctly. drwxr-xr-x 3 qabuild denccefs 4096 Sep 23 21:36 EFS110929A_SOURCE/ -rwxrwxr-x 1 qabuild... (2 Replies)
Discussion started by: anuragpgtgerman
2 Replies

5. AIX

SSH session closes after typing correct password

hi guys need some help. when ever i'm login ssh to aix server session always closed. when trying t0 type wrong password the session still continues, but we tried the correct password it automatically ends. what could be the problem to this please see .profile details ... (6 Replies)
Discussion started by: bocha
6 Replies

6. Shell Programming and Scripting

perl script to check the mail ids in the correct format or not

Hi Folks, I have few mailids in a text file and need to check whether the mailid is in correct format or not. If just to check whether the string is a mailid or not there is a perl module Email::Valid to do the business or we can implement our own logic. But the mail_ids I am having is... (4 Replies)
Discussion started by: giridhar276
4 Replies

7. Shell Programming and Scripting

How to check if date format is correct?

Hi! how do i know if the input is the same as the required date format? the date should be dd/mm/YYYY ex. 2/3/2012 or 15/11/2012 all the following conditions must return an error: *input of string *day is > 31 or < 1 *month is > 12 or < 1 *year is < 2013 suppose the date format is stored... (1 Reply)
Discussion started by: angilulu
1 Replies

8. Shell Programming and Scripting

How to check user entered correct file format or not?

Hi Experts, path=/db/files/ format=$1 User can enter any file format.compare the user file format with actual file format existed in the directory /db/files. User enter all characters as "A" apart from date format. example1: user will be entering the file format AAA_AA_YYYYMMDD.AAA Actual... (6 Replies)
Discussion started by: nalu
6 Replies

9. OS X (Apple)

"Permission denied" when trying to SSH my iPhone though password is correct

Hi, I hope this is the correct section in the forum to post as I'm trying to SSH from my MacBook. I was looking to see whether ssh on my jailbroken iPhone 6s (10.3.1) still works fine and was following this old reddit guide. I installed OpenSSH&OpenSSL from Cydia and changed the password using... (7 Replies)
Discussion started by: hss1
7 Replies

10. Forum Support Area for Unregistered Users & Account Problems

Cannot login although name and password are correct

I cannot login. Already activated my account and entered the correct password but cannot get in. Then I clicked forget password to set a new one. Upon setting a new one and tried to login, still failed until I repeatedly press the login button which triggered the 15 minutes login barrier. Have... (1 Reply)
Discussion started by: Unregistered
1 Replies

LEARN ABOUT DEBIAN

expect_mkpasswd

MKPASSWD(1)						      General Commands Manual						       MKPASSWD(1)

NAME

       mkpasswd - generate new password, optionally apply it to a user

SYNOPSIS

       mkpasswd [ args ] [ user ]

INTRODUCTION

       mkpasswd generates passwords and can apply them automatically to users.	mkpasswd is based on the code from Chapter 23 of the O'Reilly book
       "Exploring Expect".

USAGE

       With no arguments, mkpasswd returns a new password.

	    mkpasswd

       With a user name, mkpasswd assigns a new password to the user.

	    mkpasswd don

       The passwords are randomly generated according to the flags below.

FLAGS

       The -l flag defines the length of the password.	The default is 9.  The following example creates a 20 character password.

	    mkpasswd -l 20

       The -d flag defines the minimum number of digits that must be in the password.  The default is 2.  The following example creates a password
       with at least 3 digits.

	    mkpasswd -d 3

       The -c flag defines the minimum number of lowercase alphabetic characters that must be in the password.	The default is 2.

       The -C flag defines the minimum number of uppercase alphabetic characters that must be in the password.	The default is 2.

       The -s flag defines the minimum number of special characters that must be in the password.  The default is 1.

       The -p flag names a program to set the password.  By default, /etc/yppasswd is used if present, otherwise /bin/passwd is used.

       The  -2 flag causes characters to be chosen so that they alternate between right and left hands (qwerty-style), making it harder for anyone
       watching passwords being entered.  This can also make it easier for a password-guessing program.

       The -v flag causes the password-setting interaction to be visible.  By default, it is suppressed.

EXAMPLE

       The following example creates a 15-character password that contains at least 3 digits and 5 uppercase characters.

	    mkpasswd -l 15 -d 3 -C 5

SEE ALSO

       "Exploring Expect: A Tcl-Based Toolkit for Automating Interactive Programs" by Don Libes, O'Reilly and Associates, January 1995.

AUTHOR

       Don Libes, National Institute of Standards and Technology

       mkpasswd is in the public domain.  NIST and I would appreciate credit if this program or parts of it are used.

								  22 August 1994						       MKPASSWD(1)
All times are GMT -4. The time now is 04:50 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy