Verifying an encrypted password against a shadow password file
I'm doing a project named Webmail (with Linux/Perl as backend). When a user registers on our site by giving a username and password, his password is encrypted and stored in the shadow password file (/etc/shadow). I want to check the password entered by a user with this shadow password file where his password is encrypted through my program. Can you tell me how I can do this?
The routines you need are in . You can find them on a Linux system
with "man shadow."
I think the main routine you want is getspent(). This gets the shadow
password entry and lets you compare things as you desire. Read through that
man page -- it includes the data structures in all their gory detail.
For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Passwords/Authentication
Ask the Expert: What is password shadowing?
Best Web Links: Securing Linux
This was first published in April 2002