I'm doing a project named Webmail (with Linux/Perl as backend). When a user registers on our site by giving a username and password, his password is encrypted and stored in the shadow password file (/etc/shadow). I want to check the password entered by a user with this shadow password file where his password is encrypted through my program. Can you tell me how I can do this?
The routines you need are in
I think the main routine you want is getspent(). This gets the shadow password entry and lets you compare things as you desire. Read through that man page -- it includes the data structures in all their gory detail.
For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Passwords/Authentication
Ask the Expert: What is password shadowing?
Best Web Links: Securing Linux