[NTLUG:Discuss] Alternate "password" processing
David Eddleman
david.eddleman at gmail.com
Tue Mar 24 19:23:05 PDT 2026
Knowing a bit more about what this is would help, but first blush would be
something already like what shadow and htpasswd do. Have a file that has a
hash (md5, sha1, etc.) of the password written into it, make it read-only
and immutable, then on login have the password run through the same hash
mechanism and compared. `diff` has a way to check between two files/streams
using -q and only report if there's a difference
(https://man7.org/linux/man-pages/man1/diff.1.html), and with an exit code
of 0 it matches. A non-zero exit code means the existing and new
comparisons don't match.

As long as your hashing algo isn't vulnerable to replay attacks or
collisions, it's solid.

If you want to go deeper with user-settable passwords and the like, I'd
encourage you to look at pam and see how those modules operate. But for a
simple admin-set password with no user servicing, the above will work fine.

On Tue, Mar 24, 2026 at 8:50 PM Leroy Tennison <leroy.tennison at verizon.net>
wrote:
> I'm looking for a way to do authentication in a script based on a
> username/password equivalent that doesn't rely on /etc/{passwd,shadow} and
> therefore doesn't require users to exist on the system. My searching
> hasn't found much which is why I'm asking. I've looked into htpasswd and
> htaccess, rsyncd.secrets and smbpasswd but nothing seems to fit. I'm aware
> of openssl-passwd but was hoping for something simpler like a program which
> could set and test passwords against a specified file. Any ideas? Thanks
> for your help.
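
The set-and-test-against-a-file idea discussed in this thread, as an added example that is not code from either poster. It assumes a file of `user:iterations:salt_hex:hash_hex` lines (a format made up for this example), swaps the bare md5/sha1 hash for salted PBKDF2-HMAC-SHA256, and compares with `hmac.compare_digest` instead of `diff`; the function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def _load(path: str) -> dict:
    """Parse lines of the form user:iterations:salt_hex:hash_hex."""
    entries = {}
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                fields = line.rstrip("\n").split(":")
                if len(fields) == 4:
                    entries[fields[0]] = fields[1:]
    return entries


def set_password(path: str, user: str, password: str) -> None:
    """Create or replace the entry for user; the file is created mode 0600."""
    if not user or ":" in user or "\n" in user:
        raise ValueError("user name must be non-empty, without ':' or newline")
    entries = _load(path)
    salt = secrets.token_bytes(16)  # fresh per-entry salt defeats precomputed tables
    entries[user] = [str(ITERATIONS), salt.hex(), _derive(password, salt, ITERATIONS).hex()]
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        for name, rec in entries.items():
            fh.write(":".join([name] + rec) + "\n")
    os.replace(tmp, path)  # atomic swap: readers never see a half-written file


def check_password(path: str, user: str, password: str) -> bool:
    """Return True only if password matches the stored entry for user."""
    rec = _load(path).get(user)
    if rec is None:
        # Unknown user: do the same expensive work so timing does not reveal it.
        _derive(password, b"\x00" * 16, ITERATIONS)
        return False
    iterations, salt_hex, hash_hex = rec
    candidate = _derive(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))  # constant-time
```

A calling script would run `set_password` once as the admin and map the boolean from `check_password` to its own exit code.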