Q
Problem solve Get help with specific problems with your technologies, process and projects.

Verifying an encrypted password against a shadow password file

I'm doing a project named Webmail (with Linux/Perl as backend). When a user registers on our site by giving a username and password, his password is encrypted and stored in the shadow password file (/etc/shadow). I want to check the password entered by a user with this shadow password file where his password is encrypted through my program. Can you tell me how I can do this?


The routines you need are in . You can find them on a Linux system with "man shadow."

I think the main routine you want is getspent(). This gets the shadow password entry and lets you compare things as you desire. Read through that man page -- it includes the data structures in all their gory detail.


For more information on this topic, visit these other SearchSecurity resources:
Best Web Links: Passwords/Authentication
Ask the Expert: What is password shadowing?
Best Web Links: Securing Linux


This was last published in April 2002

Dig Deeper on Information security policies, procedures and guidelines

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close