> Is there a way to confirm a users password without actually logging in as
> the user? So that if I think that the password is 'pass-wd-x' for user
> 'xyz' I can confirm it from the command line.
The perl script below will do this if you have access to the shadow password
file. Run the script, enter the salt (from /etc/shadow) and the suspected
password. If the encrypted password returns the same string as in /etc/shadow
the passwords are the same.
For crypt encrypted passwords the salt is the first two characters.
For md5 encrypted passwords the salt is the first 11 characters (up
to and including the 3rd $).
---
Ian
-----------------------------------------------------------------------------
#!/usr/bin/perl
#
# Generate a crypt encrypted password from password and salt.
#
print STDERR "salt:";
$salt= <STDIN>;
print STDERR "\npassword:";
system ("stty -echo");
$text= <STDIN>;
system ("stty echo");
print STDERR "\n";
chop ($text);
$encrypted=crypt($text,$salt);
print "$encrypted\n";
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
