
shadow password

I'm trying to compare a shadow password with PHP CLI, but it does not work! I use this function so I can create a password like shadow:

function shadow ($input){
    $s = ''; // initialise the salt string before appending to it
    for ($n = 0; $n < 9; $n++){
        $s .= chr(rand(64,126)); // random salt character
    }
    $seed =  '$1$'.$s.'$';
    $return = crypt($input,$seed);
    return $return;
}

When I replace the result in shadow it works with the password, but it has different characters. How can I compare it?

Thanks


Your function creates a random salt (variable seed) using the php rand function. Thus, your salt will be different than the salt used by the existing password in the shadow file.

If you want to compare hashes (i.e. compare the output of your crypt call with the value in shadow), both hashes need to be created with the same salt. Thus, you need to use the salt from the existing password in the shadow file (= the $1$...$ part) instead of creating your own randomly.

In other words, drop your function and just use crypt($input, '$1$...$') instead, with $1$...$ being the first part of the hash in /etc/shadow.


Use the salt stored in the password file:

 $crypted = crypt($_POST['password'], $stored_password);
 if (hash_equals($stored_password, $crypted)) {
     // they match (hash_equals compares in constant time)
 }

Note that you don't have to explicitly extract the salt from the stored password, nor worry about the algorithm/salt size - crypt does that for you.

C.
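
The check the answers above describe, as an added example that is not part of the original question or answers: it reads the hash field from a shadow-format line, re-hashes the candidate with the stored salt, and compares in constant time. The function names and the sample entries (the hash is generated in the script with a fixed salt) are assumptions made for illustration.

```php
<?php
// Added example; function names and the sample entries are constructed.

/** Return the hash field of a shadow line, or null if there is no usable hash. */
function shadow_hash(string $line): ?string
{
    $fields = explode(':', rtrim($line, "\n"));
    if (count($fields) < 2) {
        return null;                       // not a shadow entry
    }
    $hash = $fields[1];
    // Empty, "*", "!" or a "!"-prefixed hash: no password set or account locked.
    if ($hash === '' || $hash[0] === '*' || $hash[0] === '!') {
        return null;
    }
    return $hash;
}

/** Re-hash the candidate with the stored salt and compare in constant time. */
function shadow_verify(string $candidate, string $line): bool
{
    $stored = shadow_hash($line);
    if ($stored === null) {
        return false;
    }
    // Passing the whole stored hash as the salt makes crypt() reuse its
    // algorithm marker and salt (the $1$...$ part here).
    $computed = crypt($candidate, $stored);
    // crypt() signals failure with "*0" or "*1"; never treat that as a match.
    if (strlen($computed) < 13 || $computed[0] === '*') {
        return false;
    }
    return hash_equals($stored, $computed);
}

// Constructed sample entry: the hash is generated here with a fixed salt.
$entry = 'alice:' . crypt('correct horse', '$1$abcdefgh$') . ':19000:0:99999:7:::';

var_dump(shadow_verify('correct horse', $entry));   // stored salt reused
var_dump(shadow_verify('wrong guess', $entry));
// Same password hashed with a different salt, as the question's function
// would do: the resulting string no longer equals the stored hash.
var_dump(hash_equals(shadow_hash($entry), crypt('correct horse', '$1$zyxwvuts$')));
var_dump(shadow_verify('anything', 'bob:!:19000:0:99999:7:::'));  // locked account
```

Reading the real /etc/shadow requires root, so a script like this would have to run with that privilege.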


It might also be worth looking into the PAM pecl extension instead of fiddling with /etc/shadow.

This extension provides PAM (Pluggable Authentication Modules) integration. PAM is a system of libraries that handle the authentication tasks of applications and services. The library provides a stable API for applications to defer to for authentication tasks.