I want to check in a shell script if a local unix-user's passed username and password are correct. What is the easiest way to do this?
Only thing that I found while googling was using 'expect' and 'su' and then checking somehow if the 'su' was successful or not.
The username and passwords are written in the /etc/shadow file. Just get the user and the password hash from there (sed would help), hash your own password and check. Use mkpasswd to generate the hash. You have to look which salt your version is using. The newest shadow is using sha-512, so:
Manpages can help you there a lot.
Easier would be to use PHP and the pam-auth module. There you can check via PHP on group access pwd user.
A partial answer would be to check the user name, whether it is defined in the passwd/shadow file in /etc, then calculate the password's MD5 with salt. If you have your user password sent over SSL (or at least some server terminal service).
It's just a hint because I don't know what you actually need. Because "su" is mainly for authentication purposes.
Other topics which you might look at are Kerberos/LDAP services, but those are hard topics.
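The shadow-hash comparison described in the answers above (look up the stored hash, re-hash the candidate with the same scheme and salt, compare), as an added example that is not part of the original thread. It assumes openssl passwd with -5/-6 support and read access to the shadow file; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a password against a shadow(5)-format file.
# Assumption: openssl(1) 1.1.1 or newer; function names are hypothetical.

# Print the stored hash (2nd colon-separated field) of user $1 in file $2.
shadow_hash() {
    awk -F: -v u="$1" '$1 == u { print $2; found = 1; exit }
                       END { exit !found }' "$2"
}

# Map the $id$ prefix of a hash to the matching "openssl passwd" flag.
# Returns 2 for locked ("!", "*"), empty or unsupported entries.
hash_flag() {
    case "$1" in
        '$5$rounds='*|'$6$rounds='*) return 2 ;;  # custom rounds not reproducible here
        '$6$'*) echo -6 ;;   # SHA-512
        '$5$'*) echo -5 ;;   # SHA-256
        '$1$'*) echo -1 ;;   # MD5 (legacy)
        *) return 2 ;;
    esac
}

# Read the candidate password from stdin (keeps it out of the process list).
# Exit 0: match; 1: mismatch or unknown user; 2: locked or unsupported hash.
check_password() {
    stored=$(shadow_hash "$1" "$2") || return 1
    flag=$(hash_flag "$stored") || return 2
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    computed=$(openssl passwd "$flag" -salt "$salt" -stdin) || return 2
    [ "$computed" = "$stored" ]
}

# Constructed demo input (not a real account): one locked entry.
demo=$(mktemp)
printf '%s\n' 'svc:!:19000:0:99999:7:::' > "$demo"
printf 'guess\n' | check_password svc "$demo" || echo "svc rejected, status $?"
rm -f "$demo"
```

Unknown users and wrong passwords return the same status, so the caller cannot be used to enumerate account names.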
On Linux, you will need to write a small C program which calls pam_authenticate(). If the call returns PAM_SUCCESS, then the login and password are correct.
Ok, now this is the script that I used to solve my problem. I first tried to write a small C program as suggested by Aaron Digulla, but that proved much too difficult.
Perhaps this script is useful to someone else.