[ale] Re: MD5

cfowler cfowler at outpostsentinel.com
Thu Feb 27 15:27:35 EST 2003 

The only thing I can tell you is to 'man crypt'

the passwords are one way encrypted.  The can be encrypted but not
decrypted.  SO in UNIX what happens is that when a user logs in, the
plain text password is encrypted via crypt().  The original encrypted
password is supplied as the salt.  crypt() is smart enough to extract
the salt from the encrypted string.  If the newly encrypted string
matches what is in the /etc/passwd file, then the user has passed that
test.

In order to read /etc/passwd and friends, the pass program must be ran
as root.  Take the C code I gave you and modify it to exit(code) with
special numbers. Then look at $? in the script after execution and
you'll know if it was successful are not and can continue with the code
for the correct circumstance.

#!/bin/sh

user=$1
pass=$2

pass ${user} ${pass}
RVAL=$?

if [ $RVAL -eq 2 ]
then
   echo "Invalid username"
   exit 1
fi

if [ $RVAL -eq 1 ]
then
  echo "Invalid password"
  exit 1
fi

# Do somehting....



On Thu, 2003-02-27 at 15:16, Robert L. Harris wrote:
> 
> 
> Thanks,
>   Do you have any docs I can read up on also?  Finding good info seems a
> bit sketchy.
> 
> Robert
> 
> 
> Thus spake cfowler (cfowler at outpostsentinel.com):
> 
> > Robert,
> > 
> > I cranked out a quick program that may work
> > 
> > pass <user> <pass>
> > 
> > For user tom it would be: pass tom password
> > 
> > Attached is bin and source.
> > 
> > 
> > 
> > -- 
> > "The Law of Leaky Abstractions"
> > There is a time where abstractions lead to the inablity to 
> > fix problems that leak through the abstraction.
> > http://www.joelonsoftware.com/articles/LeakyAbstractions.html
> 
> 
> 
> 
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris                     | PGP Key ID: E344DA3B
>                                          @ x-hkp://pgp.mit.edu 
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
> 
> Diagnosis: witzelsucht  	
> 
> IPv6 = robert at ipv6.rdlg.net	http://ipv6.rdlg.net
> IPv4 = robert at mail.rdlg.net	http://www.rdlg.net
-- 
"The Law of Leaky Abstractions"
There is a time where abstractions lead to the inablity to 
fix problems that leak through the abstraction.
http://www.joelonsoftware.com/articles/LeakyAbstractions.html

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list