From owner-freebsd-questions@FreeBSD.ORG Sat Nov 22 22:29:10 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4769616A4CE for ; Sat, 22 Nov 2003 22:29:10 -0800 (PST) Received: from faeton1.ru (relay.faeton1.ru [217.18.136.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id C74AF43FBD for ; Sat, 22 Nov 2003 22:29:05 -0800 (PST) (envelope-from lists@avtf.org) Received: from faeton1.ru (localhost.faeton1.ru [127.0.0.1]) hAN6TtXg007344 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Sun, 23 Nov 2003 12:29:56 +0600 (OMST) Received: (from root@localhost) by relay.faeton1.ru (8.12.9-20030924/8.12.9/Submit) id hAN6TtVE007343 for freebsd-questions@freebsd.org.KAV; Sun, 23 Nov 2003 12:29:55 +0600 (OMST) Received: from vpn-client-250.faeton1.ru (vpn-client-250.faeton1.ru [192.168.136.250]) (authenticated bits=0)hAN6TpXg007335 (version=TLSv1/SSLv3 cipher=DES-CBC3-SHA bits=168 verify=NO); Sun, 23 Nov 2003 12:29:54 +0600 (OMST) Date: Sun, 23 Nov 2003 12:30:10 +0600 From: Sergey Sysoev X-Mailer: The Bat! (v1.62r) X-Priority: 3 (Normal) Message-ID: <1965225666.20031123123010@avtf.org> To: Grant Peel In-Reply-To: <00e101c3b14f$270d9480$6401a8c0@grant> References: <00e101c3b14f$270d9480$6401a8c0@grant> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-questions@freebsd.org Subject: Re: PHP Auth X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Sergey Sysoev List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Nov 2003 06:29:10 -0000 Hello Grant, GP> Two questions.... GP> I have been reading as much as I can find on paswwd, master.passwd, GP> shadow, crypt etc etc etc. and am Still stuck on one point. If the encrypted GP> password is normally aslways different, due to 'salt', then how does one get GP> a match?? GP> Does anyone have posession of a simple PHP script that can auth against GP> the master passwd file? That's function which generate md5 password, maybe it will be helpful. I am not sure for 100% if this script always provide diff. password and maybe someone can improve it :) You may check work at http://bids.tomsk.ru/passwd.php echo crypt_passwd("F5k"); function crypt_passwd($passwd_tmp) { mt_srand((double) microtime()*1000000); $e=pack("cCcCCccC", mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand()); $enc12=base64_encode($e); $enc8=""; for ($i=2; $i<=9; $i++) $enc8=$enc8.$enc12[$i]; $passwd_crypted=crypt($passwd_tmp,$enc8); return $passwd_crypted; } To my mind you'd get salt from master.passwd and than encrypt plain password using that salt and then compare. -- Best regards, Sergey