Date: Sun, 23 Nov 2003 12:30:10 +0600 From: Sergey Sysoev <lists@avtf.org> To: Grant Peel <grant@thenetnow.com> Cc: freebsd-questions@freebsd.org Subject: Re: PHP Auth Message-ID: <1965225666.20031123123010@avtf.org> In-Reply-To: <00e101c3b14f$270d9480$6401a8c0@grant> References: <00e101c3b14f$270d9480$6401a8c0@grant>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Grant, GP> Two questions.... GP> I have been reading as much as I can find on paswwd, master.passwd, GP> shadow, crypt etc etc etc. and am Still stuck on one point. If the encrypted GP> password is normally aslways different, due to 'salt', then how does one get GP> a match?? GP> Does anyone have posession of a simple PHP script that can auth against GP> the master passwd file? That's function which generate md5 password, maybe it will be helpful. I am not sure for 100% if this script always provide diff. password and maybe someone can improve it :) You may check work at http://bids.tomsk.ru/passwd.php echo crypt_passwd("F5k"); function crypt_passwd($passwd_tmp) { mt_srand((double) microtime()*1000000); $e=pack("cCcCCccC", mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand()); $enc12=base64_encode($e); $enc8=""; for ($i=2; $i<=9; $i++) $enc8=$enc8.$enc12[$i]; $passwd_crypted=crypt($passwd_tmp,$enc8); return $passwd_crypted; } To my mind you'd get salt from master.passwd and than encrypt plain password using that salt and then compare. -- Best regards, Sergey
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1965225666.20031123123010>