Q

Verifying an encrypted password against a shadow password file

I'm doing a project named Webmail (with Linux/Perl as backend). When a user registers on our site by giving a username and password, his password is encrypted and stored in the shadow password file (/etc/shadow). I want to check the password entered by a user with this shadow password file where his password is encrypted through my program. Can you tell me how I can do this?


The routines you need are in . You can find them on a Linux system with "man shadow."

I think the main routine you want is getspent(). This gets the shadow password entry and lets you compare things as you desire. Read through that man page -- it includes the data structures in all their gory detail.


For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Passwords/Authentication
Ask the Expert: What is password shadowing?
Best Web Links: Securing Linux


This was first published in April 2002

Dig deeper on Security Resources

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close