Categories
Bookmarked Server Configuration

Good Password

Ever since I got company server to manage and create user account, email account. I found it very hard to do so as thinking a new password is not that easy. But my quest end when I landed on http://www.goodpassword.com, where they generate password for us and that too for free. Give it a try a must for admins.

Categories
Concept/algorithm Operating System PHP

Linux User authentication using PHP

In one of my last post i try to define how linux store its password. Today I will be putting Complete PHP code for it.

Just run it on your local server(mind it your Http server must be running as root user in order to use this script )

Its a raw way of doing password matching and shouldn’t be used for commerical application or servers. its purely Learning script

So here goes the script

6 && CRYPT_MD5 == 1) {
$salts = explode(“$”,”$userlist[1]”);
$salt = “\$1\$”.$salts[2].”\$”;
$gen_password= crypt($password,$salt);
if ($gen_password == $userlist[1]) {
$UserMatch = true;
}
else
{
$UserMatch = false;
}
}
else {
$UserMatch = false;
}
break;
}
}
return $UserMatch ;
}

if (ReadUser(“sumit”) == true)
{
if (MatchPassword(“sumit”,”sumit”) == true )
{
echo “Login successful”;
}
else
{
echo “Login unsuccessful”;
}
}
?>

Hope that helps learn understanding linux passwd and shadow usage.

EDIT: I will update the script sometime sooner maybe!!!

Categories
Operating System Server Configuration

Linux Password reveal

Hi,

I just discover how a Linux password is formed. This information is useful for those who have to write a piece of code for their software to either match user authentication or make new user from their script. Though Linux Provide PAM for the purpose, but for me configuring PAM for you application that can generate its password itself is not useful. But its recommended as its General application and if in future Linux authentication method or password saving change you can easily adopt to it.

Anyways, here is where we store User information in linux

/etc/passwd

and here we store its password

/etc/shadow

now shadow file has column seperated by [ : ] colons
like
sumit:$1$YgUxVnSK$/Y/QjCfBDyoZriQ7oQnxs.:13316:0:99999:7:::
in this it tells there is a user call sumit with password as $1$YgUxVnSK$/Y/QjCfBDyoZriQ7oQnxs.

This password is divided in Three parts seperated by $ (dollar) sign.
$1 is indication of fact taht its an MD5 crypted password
$YgUxVnSK is the salt use to crypt the password
$/Y/QjCfBDyoZriQ7oQnxs. is the password
But these values are read without $ sign :o)

So if you need to make a linux password simple take a Salt for your Password encryption and crypt your password with it and than append $1 with both values and write it in Shadow file.. simple

in PHP its quite simple to do …just call crypt function with out any salt

like

$password= crypt(“mypassword”);

And in PERL you need to ensure a random salt as crypt function of perl produce different result on windows and on Linux :o(

in windows machine crypt function call will be
$password= crypt(“mypassword”,””);
produce some thing like

/Y/QjCfBDyoZriQ7oQnxs.

where as in linux it will be full linux password style

Hope I am clear in telling linux password, as programmer you don’t need to know more on this…

Sumit Gupta