[EMAIL PROTECTED] wrote: > hi > i created a login page that authenticate the user and his/her password > to the unix ssystem. what modules can i used to compare the unix > password with what the user typed in the cgi form? the password is > encrypted (shadowed) so i need to
That's not the same thing. Unix passwords are always hashed (encrypted if you like), but shadowing means that the hashed password isn't visible in the /etc/passwd file (this file is readable to anyone logged into the system) but stored in a shadow file which is only available to administrators. > decrypt it first before comparing to what the user typed. or this > cannot be done at all? No. This is done with a one-way encryption algorithm, it shouldn't be possible to decrypt the password hashes without a time consuming brute force attack. That's not how the authentication works. What you should do is to encrypt the user supplied password with the same algorithm and salt as the Unix system uses, and compare the hashes. Another option is to simply run some program that tries to log in the user on the unix box and see if that goes well. If you really use shadow passwords, and can't run as root on the system, manual comparision with the password hash is not an option. For another alternative, see http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/203610 If POP won't help you, I'm sure you might think of similar approaches, telnetlib or ftplib might prove helpful. -- http://mail.python.org/mailman/listinfo/python-list
