authenticating against /etc/passwd

Re: authenticating against /etc/passwd

dave <dmehler26@woh. rr.com> wrote:[color=blue]
> I've got a php script that is trying to authenticate a user against a
> rh9 /etc/passwd file.[/color]

??? It's been quite some years since all Linux distributions switched
to shadow passwords. Useless you messed around /etc/passwd shouldn't
contain passwords, eg:
root:x:0:0:root :/root:/bin/sash


--

Daniel Tryba

Re: authenticating against /etc/passwd

> rh9 /etc/passwd file. The passwd file has permissions of 444 but when i try

As mentioned above, your passwords will not be in the /etc/passwd file.
They are in the shadow file.

You should look into PAM authentication

_______________ _______________ ______
Wil Moore III, MCP | Integrations Specialist | Senior Consultant
Business | Personal

Re: authenticating against /etc/passwd

Try generating the MD5 hash value of the password and comparing that
to the value stored in the passwd file..as far as i know linux
generates MD5 hashes and stores them instead of the real password...
that is why passwords in linux are irrecoverable.. . u can use the Md5
function in PHP to do that..

bye
Arvind

"dave" <dmehler26@woh. rr.com> wrote in message news:<CDgQb.167 1$59.52@fe1.col umbus.rr.com>.. .[color=blue]
> Hello,
> I've got a php script that is trying to authenticate a user against a
> rh9 /etc/passwd file. The passwd file has permissions of 444 but when i try
> to log in i am being redirected to my error page with the error invalid
> username or password. I have confirmed that the user in question can
> manually log in to the system so i know the credentials are correct. My only
> idea has been that the password uses special symbols a dollar sign for one
> and i thought escaping them with '' would work, this has not. Suggestions
> welcome.
> Thanks.
> Dave.[/color]

Re: authenticating against /etc/passwd

With total disregard for any kind of safety measures
<laidbak69@hotm ail.com> leapt forth and uttered:

Please do not post in HTML format in future.

--
There is no signature.....

Re: authenticating against /etc/passwd

With total disregard for any kind of safety measures
asomya@uncc.edu (Mad Max) leapt forth and uttered:
[color=blue]
> Try generating the MD5 hash value of the password and comparing
> that to the value stored in the passwd file..as far as i know
> linux generates MD5 hashes and stores them instead of the real
> password... that is why passwords in linux are irrecoverable.. .
> u can use the Md5 function in PHP to do that..
>[/color]

Actually I believe the passwords in passwd are encrypted using
crypt(), not md5()

Heres something the O.P. may wish to look into:


--
There is no signature.....