Given a linux username and a password how can I test if it is a valid account?
You can validate that a given password is correct for a given username using the shadow file.
On most modern distributions, the hashed passwords are stored in the shadow file /etc/shadow (which is only readable by root). As root, pull the line from the shadow file for the given user like so:
grep '^username:' /etc/shadow
You will see something like this:
username:$1$TrOIigLp$PUHL00kS5UY3CMVaiC0/g0:15020:0:99999:7:::
After the username there is $1. This indicates that it is an MD5 hash. After that there is another $, then (in this case) TrOIigLp followed by another $. TrOIigLp is the salt. After that is the hashed password, which was hashed using the salt - in this case PUHL00kS5UY3CMVaiC0/g0.
Now, you can use openssl to hash the given password using the same salt, like so:
openssl passwd -1 -salt TrOIigLp
Enter the given password when prompted. The openssl command should compute the MD5 hash using the salt provided, and it should be exactly the same as the above from the shadow file. The -1 in the above command is for MD5 hashing.
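The check described in the answer above, as an added example that is not part of the original answers: it splits one shadow record into scheme id and salt, recomputes the hash with openssl, and compares. It goes beyond the MD5 case by also mapping $5 and $6 to `openssl passwd -5` and `-6` (OpenSSL 1.1.1 or later). The function name `check_shadow_line` and the sample record are assumptions made for illustration.

```sh
#!/bin/sh
# check_shadow_line LINE   (candidate password is read from stdin, not argv)
# Exit status: 0 match, 1 mismatch, 2 locked or empty field, 3 scheme not handled
check_shadow_line() {
    # Field 2 of the colon-separated shadow record is the password field.
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case $field in
        ''|'!'*|'*'*) return 2 ;;      # no password set, or account locked
        '$'*) ;;                       # "$id$salt$hash" form, handled below
        *) return 3 ;;                 # legacy DES crypt and other forms
    esac
    rest=${field#?}                    # drop the leading "$"
    id=${rest%%\$*}                    # scheme id, e.g. 1
    rest=${rest#*\$}
    salt=${rest%%\$*}                  # salt, e.g. TrOIigLp
    case $id in
        1) flag=-1 ;;                  # MD5 crypt, as in the answer above
        5) flag=-5 ;;                  # SHA-256 crypt
        6) flag=-6 ;;                  # SHA-512 crypt
        *) return 3 ;;                 # e.g. bcrypt, yescrypt: not computed by openssl passwd
    esac
    case $salt in
        rounds=*) return 3 ;;          # custom round counts are left out of this example
    esac
    # -stdin keeps the candidate password out of the process list.
    computed=$(openssl passwd "$flag" -salt "$salt" -stdin) || return 3
    [ "$computed" = "$field" ]
}

# Constructed sample record. Its hash is the documented output of
# "openssl passwd -1 -salt xxxxxxxx password" from the openssl-passwd manual.
sample='alice:$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.:15020:0:99999:7:::'
if printf '%s\n' 'password' | check_shadow_line "$sample"; then
    echo "password matches"
else
    echo "no match (status $?)"
fi
```

On a real system the record would come from `grep '^username:' /etc/shadow` run as root; recent distributions often use `$y$` (yescrypt), which this function reports as status 3.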
Check the root password
You can validate that a given password is correct for a given username using the shadow file.
See Given a linux username and a password how can I test if it is a valid account? for the mechanics of how this is done. It should be possible to perform the same operations in a C program.
check password linux user
Replace PSWD with PASSWD and replace PASSWD="aabbcc" with export PASSWD="aabbcc".
check unix username and password in a shellscript
Ok, now this is the script that I used to solve my problem. I first tried to write a small C program as suggested by Aaron Digulla, but that proved much too difficult.
Perhaps this script is useful to someone else.
#!/bin/bash
#
# login.sh $USERNAME $PASSWORD
# This script doesn't work if it is run as root, since then we don't have to specify a pw for 'su'
if [ "$(id -u)" -eq 0 ]; then
    echo "This script can't be run as root." 1>&2
    exit 1
fi
if [ ! $# -eq 2 ]; then
    echo "Wrong Number of Arguments (expected 2, got $#)" 1>&2
    exit 1
fi
USERNAME=$1
PASSWORD=$2
# Setting the language to English for the expected "Password:" string, see http://askubuntu.com/a/264709/18014
export LC_ALL=C
# Since we use expect inside a bash script, we have to escape Tcl's $.
expect << EOF
spawn su $USERNAME -c "exit"
expect "Password:"
send "$PASSWORD\r"
#expect eof
set wait_result [wait]
# check if it is an OS error or a return code from our command
# index 2 should be -1 for OS error, 0 for command return code
# (Tcl requires "else" on the same line as the closing brace of the "if" body)
if {[lindex \$wait_result 2] == 0} {
    exit [lindex \$wait_result 3]
} else {
    exit 1
}
EOF