Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical

Re: Testing A users's unix password with perl

by greenFox (Vicar)
on May 08, 2002 at 21:53 UTC ( #165196=note: print w/replies, xml ) Need Help??

in reply to Testing A users's unix password with perl

See perlfunc:crypt which has sample code to do exactly what you want. I have used it and it does work.

I would recommend you look into ssh forced commands if you are going to litter (pass-phrase less) keys to roots account around the place (or keys with the pass-phrase embedded in the script). At least that way if someone Ownz the box with the key they can only run the command you allow, although being able to reset passwords is bad enough! Make sure the forced command can only reset the password for allowed accounts- allow by uid range for example. Turn taint mode on for your forced command as well (-wT). Definately do NOT allow roots password to be reset this way! :)

I have used perl with open2 /open3 to the system ssh to send data across the network, open2/3 allows you to talk to stdin/stdout at the same time and passed parameters aren't visible from a local ps. Works well and you don't have to keep two versions of ssh (system & perls) up to date with security fixes.

I still think it is a bad idea though, it sounds like what you really need is NIS or LDAP. Your script then only needs admin privilege to NIS/LDAP and not to root.

Hope this helps

my $chainsaw = 'Perl';

  • Comment on Re: Testing A users's unix password with perl

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://165196]
[erix]: damn the fucking idiot can't even spell separation

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (9)
As of 2018-06-20 20:50 GMT
Find Nodes?
    Voting Booth?
    Should cpanminus be part of the standard Perl release?

    Results (117 votes). Check out past polls.