how to check for unix password
Mike Meyer
mwm at mired.org
Wed Nov 2 09:35:21 EST 2005
eight02645999 at yahoo.com writes:
> i created a login page that authenticate the user and his/her password
> to the unix ssystem. what modules can i used to compare the unix
> password with what the user typed in the cgi form? the password is
> encrypted (shadowed) so i need to
> decrypt it first before comparing to what the user typed. or this
> cannot be done at all?
As has already been pointed out, users authenticate to Unix systems
with a lot more than passwords.
Also, it's not a good idea to make a web page use a system
password. Web page passwords tend to be poorly protected.
Finally, you can't decrypt a Unix password file password. The
algorithm is to encrypt what the user typed (with crypt.crypt) then
compare that with the entry in the password file. You pass crypt.crypt
the user-entered pasword as the first argument, and the password from
the password file as the second, and compare the returned value to the
password from the password file.
<mike
--
Mike Meyer <mwm at mired.org> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
More information about the Python-list
mailing list