Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 15 Aug 2020 20:49:11 +0200
From:      Polytropon <freebsd@edvax.de>
To:        Grzegorz Junka <list1@gjunka.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Verify user password
Message-ID:  <20200815204911.7007deca.freebsd@edvax.de>
In-Reply-To: <af84bcef-ceff-4d7f-b012-3ef06e0ed5ec@gjunka.com>
References:  <af84bcef-ceff-4d7f-b012-3ef06e0ed5ec@gjunka.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 15 Aug 2020 12:39:06 +0000, Grzegorz Junka wrote:
> How can I verify if a given password matches the password stored in 
> master.passwd database for a user account that is set up with 
> /nonexistent and /usr/sbin/nologin (so a user that can't normally login 
> to the system but still can have a password stored in the database)?

First of all, /nonexistent and /usr/sbin/nologin have different
purposes: if after a successful login the user's interactive shell
is to be executed, /nonexistent leads to a "cannot find that program
to execute, exiting right now" situation, while /usr/sbin/nologin
can actually be executed and then displays an error message and
exits, terminating the session.

See "man 1 login" and "man 1 nologin" for details.

Regarding password verification:

If you have read access to /etc/master.passwd and the clear text
password of a user, you can use the crypt() function to generate
the encrypted password, and then compare that. I think that is
what you try to do, correct?

provided: 	plain-text password P from somewhere
		encrypted password E from /etc/master.passwd

intended:	is crypt(P) == E?

approach:	P' = crypt(P)
		test if P' == S

This is of course very simplified. :-)

See "man 5 passwd" and especially "man 3 crypt" for details.


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200815204911.7007deca.freebsd>