给定一个 linux 用户名和密码,我如何测试它是否是一个有效帐户?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18035093/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Given a linux username and a password how can I test if it is a valid account?
提问by smit
So my question is straight forward given a linux username and a password how can I test if it is a valid account?
所以我的问题很简单,给定一个 linux 用户名和密码,我如何测试它是否是一个有效的帐户?
采纳答案by mti2935
You can validate that a given password is correct for a given username using the shadow file.
您可以使用影子文件验证给定用户名的给定密码是否正确。
On most modern distributions, the hashed passwords are stored in the shadow file /etc/shadow (which is only readable by root). As root, pull the line from the shadow file for the given user like so:
在大多数现代发行版中,散列密码存储在影子文件 /etc/shadow(只能由 root 读取)中。以 root 身份,从给定用户的影子文件中拉出该行,如下所示:
cat /etc/shadow | grep username
You will see something like this:
你会看到这样的事情:
username:$TrOIigLp$PUHL00kS5UY3CMVaiC0/g0:15020:0:99999:7:::
After the username there is $1. This indicates that it is an MD5 hash. After that there is another $, then (in this case) TrOIigLp followed by another $. TrOIigLp is the salt. After that is the hashed password, which was hashed using the salt - in this case PUHL00kS5UY3CMVaiC0/g0.
在用户名之后有 $1。这表明它是一个 MD5 哈希。之后还有另一个 $,然后(在这种情况下)TrOIigLp 后跟另一个 $。TrOIigLp 是盐。之后是散列密码,该密码使用盐进行散列 - 在本例中为 PUHL00kS5UY3CMVaiC0/g0。
Now, you can use openssl to hash the given password using the same salt, like so:
现在,您可以使用 openssl 使用相同的盐来散列给定的密码,如下所示:
openssl passwd -1 -salt TrOIigLp
Enter the given password when prompted, the openssl command should compute the MD5 hash using the salt provided, and it should be exactly the same as the above from the shadow file. The -1 in the above command is for MD5 hashing.
出现提示时输入给定的密码,openssl 命令应该使用提供的 salt 计算 MD5 哈希值,并且它应该与影子文件中的上述内容完全相同。上述命令中的 -1 用于 MD5 散列。
回答by Stringers
If you are concerned about security (which you should be), the accepted answer represents a security risk by leaving the plaintext password in the ~/.bash_historyfile. With this in mind, it would be better to try logging in, or perhaps removing this entry from the ~/.bash_history.
如果您担心安全性(您应该这样做),那么接受的答案会通过将明文密码留在~/.bash_history文件中来表示安全风险。考虑到这一点,最好尝试登录,或者从~/.bash_history.
回答by Alberto Salvia Novella
#! /bin/bash
# (GPL3+) Alberto Salvia Novella (es20490446e)
passwordHash () {
password=
salt=
encryption=
hashes=$(echo ${password} | openssl passwd -${encryption} -salt ${salt} -stdin)
echo $(substring ${hashes} "$" "3")
}
passwordIsValid () {
user=
password=
encryption=$(secret "encryption" ${user})
salt=$(secret "salt" ${user})
salted=$(secret "salted" ${user})
hash=$(passwordHash ${password} ${salt} ${encryption})
[ ${salted} = ${hash} ] && echo "true" || echo "false"
}
secret () {
secret=
user=
shadow=$(shadow ${user})
if [ ${secret} = "encryption" ]; then
position=1
elif [ ${secret} = "salt" ]; then
position=2
elif [ ${secret} = "salted" ]; then
position=3
fi
echo $(substring ${shadow} "$" ${position})
}
shadow () {
user=
shadow=$(cat /etc/shadow | grep ${user})
shadow=$(substring ${shadow} ":" "1")
echo ${shadow}
}
substring () {
string=
separator=
position=
substring=${string//"${separator}"/$''}
IFS=$'' read -a substring <<< "${substring}"
echo ${substring[${position}]}
}
passwordIsValid ${@}
