Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re: Testing A users's unix password with perl

by mrbbking (Hermit)
on May 08, 2002 at 19:04 UTC ( #165138=note: print w/ replies, xml ) Need Help??


in reply to Testing A users's unix password with perl

Step 1: Get written authorization to do this.

See merlyn's unintentional object lesson at http://www.lightlink.com/spacenka/fors/


Comment on Re: Testing A users's unix password with perl
Re: Re: Testing A users's unix password with perl
by cfreak (Chaplain) on May 08, 2002 at 19:15 UTC

    Since I know very little about that I'm not sure how it relates.

    If it makes you feel better this is what i'm doing: I'm a webmaster/system admin at a small ISP. This ISP wants users to beable to change their password through a secure web interface. I want to bypass system prompting. I figured out that I can use Net::SSH to connect to the correct systems as root and use echo to pipe the new password to passwd --stdin in one command. I know it might not be the best idea to login as root but I am using SSH with keys and its on our network (never goes outside) so I'm not too worried about it.

    What I need is a way to verify that the user is giving me a correct old password. I originally thought of using Net::Telnet but of course that's not nearly as secure and it loses the ability to use a single commmand to change the password (since I would not use root over telnet).

    I have authorization to do this, I've been asked to. I'm not worried about my employer suing me. Small companies don't have the money or time for such nonsense

    Chris

    Some clever or funny quote here.

      You might be wasting your time as most password changes are the result of forgetting the password in the first place. Besides you want to hand out as little information as possible when it involves your security.

      As to permission, do you have it in writing? The company may not sue you but they can always fire you. And people will tend to believe a company over an ex-employee.

Re: Re: Testing A users's unix password with perl
by greenFox (Vicar) on May 08, 2002 at 22:31 UTC
    You don't need to "see" the password to verify if the user knows it. See my node below or crypt. I am not a lawyer but I believe this is very different to running crack on a system.

    --
    my $chainsaw = 'Perl';

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://165138]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (15)
As of 2014-07-31 13:31 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (248 votes), past polls