Re: System call on Solaris 2.8 to retrieve current user's password

phn_at_icke-reklam.ipsec.nu
Date: 05/18/04 

Date: Mon, 17 May 2004 22:04:42 +0000 (UTC)

In comp.security.unix Jitendra Sharma <jksharma@yahoo.com> wrote:
> Unix Gurus,

> I have to implement a "C" program which retrieves current user
> password and compares it with current input user password and do some
> kind of checking on it like it's same as the current stored user
> password etc. This program will be a wrapper on unix passwd program
> and wrapper program will run as setuid-bit-set as root. So please let
> me know if there is someway I can retrieve current stored password of
> a user on Solaris 2.8 through some system call.

> Any help/pointers will be greatly appreciated.

You cannot retreive the password, it's one-way encrypted.
( It's one of the many things un*x did right)

What you can do is repeat the same encryption and compare the
resulting cryptotext. man crypt for more information, browsing
the "passwd" source will also give hints.
( yes making the source to "passwd" public does not reduce the
strength of un*x passwords, another thing un*x did right)

> Thank you
> Jitendra 

-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

Relevant Pages