lakeryu
asked on
How can check login(give any login user and password) successfully or not through programmer by python?
give any user and password, How can I check whether the user can login to the system or not.
in another word, How can I check the user and password is the system user and the password is correct.
best regards!
wait for your answer.
in another word, How can I check the user and password is the system user and the password is correct.
best regards!
wait for your answer.
import posix
posix.system("su -c user 'pwd'")
posix.system("su -c user 'pwd'")
Only by logging in as far as I know.
If you want something automatic you could use one of the "auto-login" scripts used for automating FTP uploads and just use the part that logs in.
Gandalf Parker
If you want something automatic you could use one of the "auto-login" scripts used for automating FTP uploads and just use the part that logs in.
Gandalf Parker
ASKER
I mean that in web login page, I know username and password
how can I check the username and password is vaild or not?
wait for your answer, thanks!
how can I check the username and password is vaild or not?
wait for your answer, thanks!
Are you dealing with the user names and passwords in the /etc/passwd file. Are you running any scripting languages (like PHP).
It should be possible to take the username from the login screen and find the password encryption from the passwd file. Then take the password entered on the login screen, encrypt it and check it against the known encryption.
I have done this on Solaris but not with MD5 encrytion. The method I used to encrypt the password was to write a bit of C code to call the crypt() function. There must be a similar function on Linux for MD5 encryption.
It should be possible to take the username from the login screen and find the password encryption from the passwd file. Then take the password entered on the login screen, encrypt it and check it against the known encryption.
I have done this on Solaris but not with MD5 encrytion. The method I used to encrypt the password was to write a bit of C code to call the crypt() function. There must be a similar function on Linux for MD5 encryption.
ASKER
No, the username and password is input by user, and I write it with python.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Im still confused.
(A) You want to make sure the login and password they give you works on an account which already exists on that machine?
or
(B) you want to check and see if what they gave you COULD work as a login and password. Not too short, not too long, no bad characters in it.
Gandalf Parker
(A) You want to make sure the login and password they give you works on an account which already exists on that machine?
or
(B) you want to check and see if what they gave you COULD work as a login and password. Not too short, not too long, no bad characters in it.
Gandalf Parker
ASKER
I think it is A. not B
OK, the only way I know of to do that would be to "become" that user and login. Some of the responses already given will do that. It will take a CGI of some sort since I dont think there is a way to do it in html.
I take it for granted this is some sort of linux or unix machine that the webpage is on?
For example the reference to PAM is the only one which might actually just check, but its for Python. There may be one for whatever language you use for the CGI.
The FTP one I mentioned would let you login as the user and check to see if it let you, then just log back out.
The su method mentioned does pretty much the same thing by logging in as the user just long enough to do one command, the pwd command to see what directory its in.
Gandalf Parker
I take it for granted this is some sort of linux or unix machine that the webpage is on?
For example the reference to PAM is the only one which might actually just check, but its for Python. There may be one for whatever language you use for the CGI.
The FTP one I mentioned would let you login as the user and check to see if it let you, then just log back out.
The su method mentioned does pretty much the same thing by logging in as the user just long enough to do one command, the pwd command to see what directory its in.
Gandalf Parker
Gandalf, please re-read the title of this question, and the question itself once again.... Good, now you will see that I have posted the optimal solution....
brian
brian
Yes I did miss the Python reference. The title is cutoff when viewing the list of questions. I thought more clarification was needed.
Your response does appear to be the most specific to the question.
Gandalf Parker
Your response does appear to be the most specific to the question.
Gandalf Parker
'getpwname' can be used to get the system password in the encrypted format. Using the 'crypt' API the password can be encrypted and compared with the above. Both are 'C' APIs. This as a standalone program, should have setuid set (s bit) for super user privilage.
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: bkrahmer {http:#8243906}
Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
jmcg
EE Cleanup Volunteer
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: bkrahmer {http:#8243906}
Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
jmcg
EE Cleanup Volunteer
If you know the user and password, and you are already logged in, you can try changing user with the command:
su <username>
You will then be prompted for the password. If this works then revert back to the original user:
exit
and try changing user again with:
su - <username>
The '-' will cause the login scripts (.profile, .login, .cshrc and/or .bashrc) to be read, as they would be if you logged in as that user.