Ask the Expert

Verifying an encrypted password against a shadow password file

I'm doing a project named Webmail (with Linux/Perl as backend). When a user registers on our site by giving a username and password, his password is encrypted and stored in the shadow password file (/etc/shadow). I want to check the password entered by a user with this shadow password file where his password is encrypted through my program. Can you tell me how I can do this?


    Requires Free Membership to View

The routines you need are in . You can find them on a Linux system with "man shadow."

I think the main routine you want is getspent(). This gets the shadow password entry and lets you compare things as you desire. Read through that man page -- it includes the data structures in all their gory detail.


For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Passwords/Authentication
Ask the Expert: What is password shadowing?
Best Web Links: Securing Linux


This was first published in April 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: