Hi,

I want to check in a shell script whether a local Unix user's supplied username and password are correct. What is the easiest way to do this?

The only thing I found while googling was using 'expect' and 'su' and then somehow checking whether the 'su' was successful or not.

+2  A: 

The usernames and passwords are written in the /etc/shadow file. Just get the user and the password hash from there (sed would help), hash your own password and check.

Use mkpasswd to generate the hash. You have to look at which salt your version is using. The newest shadow uses SHA-512, so "mkpasswd -m sha-512 password salt".

The man pages can help you there a lot.

Easier would be to use PHP and the pam-auth module. There you can check via PHP group access, pwd, user.

Hayt
more details about the implementation of this approach: http://ubuntuforums.org/archive/index.php/t-1232715.html
Pascal Thivent
Oh ok, nice. I spent 6 hours figuring this approach out by myself a few months ago. This site would have helped a lot. But I needed this for web authentication, so I finally used the auth-pam module of PHP.
Hayt
Where does it say PHP? oO
knittl
Nowhere. It was how I finally solved a similar problem. cluelessCoder has never said what he wants to do. If you want a simple shell solution you have to parse the shadow file. For web authentication this module is easy. Well, you can also create a PHP file and call this one from batch and parse the output (a bit overkill but easy to accomplish too; you only need to have a PHP server running on the local machine). Just several ways to accomplish a goal.
Hayt
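An added example (not from the answer or its comments) of the shadow-file approach described above, in Python: parse shadow(5)-format lines, recognise locked or disabled accounts and the hash prefix, then compare the stored hash with crypt.crypt() of the candidate password. Passing the full stored hash as the setting string makes crypt() re-use the same algorithm, rounds and salt, so mkpasswd and manual salt handling are not needed. The shadow lines and hash fields below are constructed placeholders with the right shape, not real entries. Reading the real /etc/shadow requires root, and the crypt module is deprecated since Python 3.11 and removed in 3.13, so the check fails closed (returns False) when it is missing.

```python
"""Check a password against an /etc/shadow-style entry (added example)."""
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

try:
    import crypt  # deprecated since Python 3.11, removed in 3.13
except ImportError:
    crypt = None

# crypt(3) prefixes as used by glibc/libxcrypt.
HASH_IDS = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt",
            "2b": "bcrypt", "y": "yescrypt"}

# Constructed sample in shadow(5) format. The hash fields are placeholders
# with the right shape ($id$[rounds=N$]salt$hash), not real password hashes.
SAMPLE_SHADOW = """\
root:$6$rounds=10000$abcdefghijklmnop$PLACEHOLDERHASHNOTREAL:19000:0:99999:7:::
alice:$6$saltsalt$PLACEHOLDERHASHNOTREAL:19000:0:99999:7::19500:
bob:!$6$saltsalt$PLACEHOLDERHASHNOTREAL:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
carol::19000:0:99999:7:::
"""


@dataclass
class ShadowEntry:
    name: str
    pw_hash: str
    last_change: Optional[int]   # days since 1970-01-01
    expire: Optional[int]        # account expiry, days since 1970-01-01

    @property
    def locked(self) -> bool:
        # '!' or '*' in front of (or instead of) the hash disables password
        # login. An empty field means no password is set; we refuse to treat
        # that as a match rather than let anything through.
        return self.pw_hash == "" or self.pw_hash.startswith(("!", "*"))

    @property
    def algorithm(self) -> Optional[str]:
        parts = self.pw_hash.split("$")
        if len(parts) < 4:          # traditional DES or no hash at all
            return None
        return HASH_IDS.get(parts[1])


def parse_shadow(text: str) -> Dict[str, ShadowEntry]:
    """Parse shadow(5) lines: name:hash:lastchg:min:max:warn:inact:expire:flag."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError(f"malformed shadow line: {line!r}")
        entries[fields[0]] = ShadowEntry(
            name=fields[0],
            pw_hash=fields[1],
            last_change=int(fields[2]) if fields[2] else None,
            expire=int(fields[7]) if fields[7] else None,
        )
    return entries


def verify(entry: ShadowEntry, password: str, today: Optional[int] = None) -> bool:
    """True only if the password matches a usable account. Fails closed."""
    if entry.locked:
        return False
    if today is not None and entry.expire is not None and today >= entry.expire:
        return False
    if crypt is None:
        return False
    try:
        # The full stored hash as setting makes crypt() pick the same
        # algorithm, rounds and salt, so the two strings are comparable.
        computed = crypt.crypt(password, entry.pw_hash)
    except (OSError, ValueError):
        return False
    if not computed:
        return False
    return hmac.compare_digest(computed, entry.pw_hash)


if __name__ == "__main__":
    import sys
    import time
    # Reading the real file needs root: /etc/shadow is mode 0640 root:shadow.
    name, password = sys.argv[1], sys.argv[2]
    with open("/etc/shadow") as fh:
        entries = parse_shadow(fh.read())
    today = int(time.time() // 86400)
    ok = name in entries and verify(entries[name], password, today)
    print("ok" if ok else "denied")
    sys.exit(0 if ok else 1)
```

The constant-time compare matters little for a local check but costs nothing; the expiry and lock checks matter more, because a bare hash comparison would happily accept the password of an account that login itself would refuse.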
A: 

A partial answer would be to check the user name (is it defined in the passwd/shadow file in /etc?), then calculate the password's MD5 with salt. If you have your user password sent over SSL (or at least some server terminal service).

It's just a hint because I don't know what you actually need. Because "su" is mainly for authentication purposes.

Other topics you might look at are Kerberos/LDAP services, but those are hard topics.

bua
Hayt is right, this is not an MD5 hash but SHA.
bua
+3  A: 

On Linux, you will need to write a small C program which calls pam_authenticate(). If the call returns PAM_SUCCESS, then the login and password are correct.

Aaron Digulla
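As an added example (not from the answer above) of the pam_authenticate() route without writing C: Python's ctypes can bind Linux-PAM directly, which is the same sequence (pam_start, conversation callback, pam_authenticate, pam_acct_mgmt, pam_end) the small C program would perform. Assumptions: the shared library is libpam.so.0, a "login" service exists under /etc/pam.d (PAM falls back to "other" otherwise), and the constants are Linux-PAM's values from <security/_pam_types.h>. Every error path returns False, so a missing library or a broken PAM stack denies rather than allows.

```python
"""Verify a username/password pair through Linux-PAM via ctypes (added example)."""
import ctypes

# Linux-PAM constants (security/_pam_types.h).
PAM_SUCCESS = 0
PAM_PROMPT_ECHO_OFF = 1        # "Password:" style prompt
PAM_PROMPT_ECHO_ON = 2
PAM_ERROR_MSG = 3
PAM_TEXT_INFO = 4
PAM_CONV_ERR = 19
PAM_SILENT = 0x8000
PAM_DISALLOW_NULL_AUTHTOK = 0x0001


class PamMessage(ctypes.Structure):
    _fields_ = [("msg_style", ctypes.c_int), ("msg", ctypes.c_char_p)]


class PamResponse(ctypes.Structure):
    _fields_ = [("resp", ctypes.c_char_p), ("resp_retcode", ctypes.c_int)]


# int conv(int num_msg, const struct pam_message **msg,
#          struct pam_response **resp, void *appdata_ptr)
CONV_FUNC = ctypes.CFUNCTYPE(ctypes.c_int, ctypes.c_int,
                             ctypes.POINTER(ctypes.POINTER(PamMessage)),
                             ctypes.POINTER(ctypes.POINTER(PamResponse)),
                             ctypes.c_void_p)


class PamConv(ctypes.Structure):
    _fields_ = [("conv", CONV_FUNC), ("appdata_ptr", ctypes.c_void_p)]


def _load():
    """Load libpam and libc and declare the prototypes we call."""
    libpam = ctypes.CDLL("libpam.so.0")            # assumed soname
    libc = ctypes.CDLL(None)                       # symbols of the running process
    libc.calloc.restype = ctypes.c_void_p
    libc.calloc.argtypes = [ctypes.c_size_t, ctypes.c_size_t]
    libc.strdup.restype = ctypes.POINTER(ctypes.c_char)
    libc.strdup.argtypes = [ctypes.c_char_p]
    libpam.pam_start.restype = ctypes.c_int
    libpam.pam_start.argtypes = [ctypes.c_char_p, ctypes.c_char_p,
                                 ctypes.POINTER(PamConv),
                                 ctypes.POINTER(ctypes.c_void_p)]
    for fn in (libpam.pam_authenticate, libpam.pam_acct_mgmt, libpam.pam_end):
        fn.restype = ctypes.c_int
        fn.argtypes = [ctypes.c_void_p, ctypes.c_int]
    return libpam, libc


def _make_conv(libc, password: bytes):
    """Build the conversation callback that answers password prompts."""
    def conv(n_messages, messages, p_response, appdata):
        try:
            # PAM releases the response array and each resp string with
            # free(), so both must come from the C allocator, not Python.
            addr = libc.calloc(n_messages, ctypes.sizeof(PamResponse))
            if not addr:
                return PAM_CONV_ERR
            responses = ctypes.cast(addr, ctypes.POINTER(PamResponse))
            p_response[0] = responses
            for i in range(n_messages):
                if messages[i].contents.msg_style == PAM_PROMPT_ECHO_OFF:
                    responses[i].resp = ctypes.cast(libc.strdup(password),
                                                    ctypes.c_char_p)
                # Echoed prompts, errors and info messages get no text;
                # resp stays NULL from calloc.
            return PAM_SUCCESS
        except Exception:
            return PAM_CONV_ERR
    return CONV_FUNC(conv)


def check_password(user: str, password: str, service: str = "login") -> bool:
    """True only if PAM authenticates the user and the account is usable."""
    if "\0" in user or "\0" in password:      # would be truncated as a C string
        return False
    try:
        libpam, libc = _load()
    except (OSError, AttributeError):
        return False                          # no Linux-PAM here: fail closed
    callback = _make_conv(libc, password.encode())   # keep alive during the call
    conv = PamConv(callback, None)
    handle = ctypes.c_void_p()
    rc = libpam.pam_start(service.encode(), user.encode(),
                          ctypes.byref(conv), ctypes.byref(handle))
    if rc != PAM_SUCCESS:
        return False
    try:
        rc = libpam.pam_authenticate(handle, PAM_SILENT | PAM_DISALLOW_NULL_AUTHTOK)
        if rc == PAM_SUCCESS:
            rc = libpam.pam_acct_mgmt(handle, PAM_SILENT)   # expiry, lockout
        return rc == PAM_SUCCESS
    finally:
        libpam.pam_end(handle, rc)


if __name__ == "__main__":
    import getpass
    import sys
    who = sys.argv[1] if len(sys.argv) > 1 else getpass.getuser()
    ok = check_password(who, getpass.getpass(f"Password for {who}: "))
    print("authentication", "succeeded" if ok else "failed")
    sys.exit(0 if ok else 1)
```

When this runs as an ordinary user, pam_unix cannot read /etc/shadow itself and goes through the setuid unix_chkpwd helper, which only verifies the calling user's own password; checking other accounts needs root, the same limitation su imposes on the expect approach in this thread. Reading the password with getpass rather than from argv keeps it out of the process list.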
A: 

OK, now this is the script that I used to solve my problem. I first tried to write a small C program as suggested by Aaron Digulla, but that proved much too difficult.

Perhaps this script is useful to someone else.

#!/bin/bash
#
# login.sh USERNAME PASSWORD
#
# Checks a local user's password by letting 'su' do the authentication and
# reporting its exit status (0 = correct, non-zero = wrong or error).
# Caveat: the password is visible to other users in the process list (ps)
# while this script runs.

# This script doesn't work if it is run as root, since then 'su' doesn't
# ask for a password at all and every check would "succeed".
if [ "$(id -u)" -eq 0 ]; then
        echo "This script can't be run as root." 1>&2
        exit 1
fi

if [ $# -ne 2 ]; then
        echo "Wrong number of arguments (expected 2, got $#)" 1>&2
        exit 1
fi

# Hand the values to expect through the environment instead of expanding
# them into the Tcl source, so special characters in the password can't
# break (or be interpreted as) Tcl code.
export LOGIN_USER=$1
export LOGIN_PASSWORD=$2

# The quoted 'EOF' stops bash from expanding anything in the heredoc, so
# Tcl's own $-variables don't have to be escaped.
expect <<'EOF'
set timeout 10
spawn su "$env(LOGIN_USER)" -c "exit"
expect {
        -re "(?i)password:" { send -- "$env(LOGIN_PASSWORD)\r" }
        timeout             { exit 1 }
        eof                 { exit 1 }
}
expect eof

set wait_result [wait]

# wait returns: pid, spawn id, then -1 for an OS error or 0 for a normal
# exit, followed by the errno or the command's exit status.
if {[lindex $wait_result 2] == 0} {
        exit [lindex $wait_result 3]
} else {
        exit 1
}
EOF