[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Test user password against a known value

From: Cameron Simpson <cs zip com au>
To: redhat-list redhat com
Subject: Re: Test user password against a known value
Date: Thu Feb 28 00:37:00 2002

On 05:17 28 Feb 2002, Peter Kiem <zordah zordah net> wrote:
| I need to write a script (preferably bash, perl if necessary) that can test a 
| specified user's password against a test password to see if they have changed 
| it or not.
| It should be as simple as running an MD5 over the test password and comparing 
| to the MD5 password stored for them to make sure it matches, right?
| Does anyone have any scripts for doing this on a Red Hat 7.1 system?

This script:

	http://www.zip.com.au/~cs/scripts/pwcrypt

does it for old style crypt() passwords. There should be equivalent code
for the MD5 stuff. The only thing you've missed is that most of these
things use a salt, kept with the hash, to make sure that if two people
have the same password, their hashes _aren't_ the same.

Anyway, your basic idea is correct: hash the passwords and compare.
-- 
Cameron Simpson, DoD#743        cs zip com au    http://www.zip.com.au/~cs/

As a computer journalist, he's a good travel writer.
	- Ian Yates <iyates biz su edu au> about Gareth Powell

Follow-Ups:
- Re: Test user password against a known value
  - From: Peter Kiem

References:
- Test user password against a known value
  - From: Peter Kiem

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]