[ale] Re: MD5

Robert L. Harris Robert.L.Harris at rdlg.net
Thu Feb 27 15:34:03 EST 2003



Just got your last reply, ignore my brain, I'm sending it out for
service.

Thus spake cfowler (cfowler at outpostsentinel.com):

> The only thing I can tell you is to 'man crypt'
> 
> the passwords are one way encrypted.  The can be encrypted but not
> decrypted.  SO in UNIX what happens is that when a user logs in, the
> plain text password is encrypted via crypt().  The original encrypted
> password is supplied as the salt.  crypt() is smart enough to extract
> the salt from the encrypted string.  If the newly encrypted string
> matches what is in the /etc/passwd file, then the user has passed that
> test.
> 
> In order to read /etc/passwd and friends, the pass program must be ran
> as root.  Take the C code I gave you and modify it to exit(code) with
> special numbers. Then look at $? in the script after execution and
> you'll know if it was successful are not and can continue with the code
> for the correct circumstance.
> 
> #!/bin/sh
> 
> user=$1
> pass=$2
> 
> pass ${user} ${pass}
> RVAL=$?
> 
> if [ $RVAL -eq 2 ]
> then
>    echo "Invalid username"
>    exit 1
> fi
> 
> if [ $RVAL -eq 1 ]
> then
>   echo "Invalid password"
>   exit 1
> fi
> 
> # Do somehting....
> 
> 
> 
> On Thu, 2003-02-27 at 15:16, Robert L. Harris wrote:
> > 
> > 
> > Thanks,
> >   Do you have any docs I can read up on also?  Finding good info seems a
> > bit sketchy.
> > 
> > Robert
> > 
> > 
> > Thus spake cfowler (cfowler at outpostsentinel.com):
> > 
> > > Robert,
> > > 
> > > I cranked out a quick program that may work
> > > 
> > > pass <user> <pass>
> > > 
> > > For user tom it would be: pass tom password
> > > 
> > > Attached is bin and source.
> > > 
> > > 
> > > 
> > > -- 
> > > "The Law of Leaky Abstractions"
> > > There is a time where abstractions lead to the inablity to 
> > > fix problems that leak through the abstraction.
> > > http://www.joelonsoftware.com/articles/LeakyAbstractions.html
> > 
> > 
> > 
> > 
> > :wq!
> > ---------------------------------------------------------------------------
> > Robert L. Harris                     | PGP Key ID: E344DA3B
> >                                          @ x-hkp://pgp.mit.edu 
> > DISCLAIMER:
> >       These are MY OPINIONS ALONE.  I speak for no-one else.
> > 
> > Diagnosis: witzelsucht  	
> > 
> > IPv6 = robert at ipv6.rdlg.net	http://ipv6.rdlg.net
> > IPv4 = robert at mail.rdlg.net	http://www.rdlg.net
> -- 
> "The Law of Leaky Abstractions"
> There is a time where abstractions lead to the inablity to 
> fix problems that leak through the abstraction.
> http://www.joelonsoftware.com/articles/LeakyAbstractions.html

:wq!
---------------------------------------------------------------------------
Robert L. Harris                     | PGP Key ID: E344DA3B
                                         @ x-hkp://pgp.mit.edu 
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.

Diagnosis: witzelsucht  	

IPv6 = robert at ipv6.rdlg.net	http://ipv6.rdlg.net
IPv4 = robert at mail.rdlg.net	http://www.rdlg.net

 PGP signature




More information about the Ale mailing list