[NTLUG:Discuss] Alternate "password" processing
Leroy Tennison
leroy.tennison at verizon.net
Tue Mar 24 22:26:51 PDT 2026
I appreciate all the replies (and Chris, good to hear from you). I'll look into them as soon as taxes are done....
On Tuesday, March 24, 2026 at 11:35:51 PM CDT, Christopher Cox <cjcoxshared at gmail.com> wrote:
Chiming in (blast from the past). You could use pam_userdb and
something like pamtester. You'd just create your own pam service to
reference in using pamtester.
e.g.

    pamtester my-service the-username authenticate

Where: /etc/pam.d/my-service contains:

    auth required pam_userdb.so db=/path/to/db-file crypt="your-preferred hash type"

So... this might not be "perfect".... may need some tweaking.
On Tue, Mar 24, 2026 at 9:25 PM David Eddleman <david.eddleman at gmail.com> wrote:
>
> Knowing a bit more about what this is would help, but first blush would be
> something already like what shadow and htpasswd do. Have a file that has a
> hash (md5, sha1, etc.) of the password written into it, make it read-only
> and immutable, then on login have the password run through the same hash
> mechanism and compared. `diff` has a way to check between two files/streams
> using -q and only report if there's a difference (
> https://man7.org/linux/man-pages/man1/diff.1.html), and with an exit code
> of 0 it matches. A non-zero exit code means the existing and new
> comparisons don't match.
>
> As long as your hashing algo isn't vulnerable to replay attacks or
> collisions, it's solid.
>
> If you want to go deeper with user settable passwords and the like, I'd
> encourage you to look at pam and see how those modules operate. But for a
> simple admin-set password with no user servicing, the above will work fine.
>
> On Tue, Mar 24, 2026 at 8:50 PM Leroy Tennison <leroy.tennison at verizon.net>
> wrote:
>
> > I'm looking for a way to do authentication in a script based on a
> > username/password equivalent that doesn't rely on /etc/{passwd,shadow} and
> > therefore doesn't require users to exist on the system. My searching
> > hasn't found much which is why I'm asking. I've looked into htpasswd and
> > htaccess, rsyncd.secrets and smbpasswd but nothing seems to fit. I'm aware
> > of openssl-passwd but was hoping for something simpler like a program which
> > could set and test passwords against a specified file. Any ideas? Thanks
> > for your help.
> > _______________________________________________
> > http://www.ntlug.org/mailman/listinfo/discuss
> >
_______________________________________________
http://www.ntlug.org/mailman/listinfo/discuss
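
An added example, not code from any poster in this thread: a minimal "set and test passwords against a specified file" helper of the kind the original question asks for, written in Python so a script can call it without system accounts. It swaps the plain md5/sha1 hash and `diff` comparison for salted PBKDF2-HMAC-SHA256 and a constant-time compare; the file format, function names and iteration count are assumptions of this example.

```python
import hashlib, hmac, os, secrets, tempfile

ITERATIONS = 600_000  # assumption: work factor picked for this example
SCHEME = "pbkdf2_sha256"
# Decoy record so an unknown user costs the same hashing time as a known one.
_DECOY = f"{SCHEME}${ITERATIONS}${'00' * 16}${'00' * 32}"

def _derive(password, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def _load(path):
    """Return {username: record}; a missing file is an empty store."""
    entries = {}
    try:
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                user, sep, record = line.rstrip("\n").partition(":")
                if sep:
                    entries[user] = record
    except FileNotFoundError:
        pass
    return entries

def set_password(path, user, password):
    """Create or replace the entry for user, rewriting the file atomically."""
    if not user or any(c in user for c in ":\n\r"):
        raise ValueError("username must be non-empty, without ':' or newlines")
    entries = _load(path)
    salt = secrets.token_bytes(16)  # fresh random salt on every change
    digest = _derive(password, salt, ITERATIONS)
    entries[user] = f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)  # created with mode 0600
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.writelines(f"{u}:{r}\n" for u, r in sorted(entries.items()))
    os.replace(tmp, path)  # readers never see a half-written file

def check_password(path, user, password):
    """Return True only if user exists and password matches the stored hash."""
    record = _load(path).get(user, _DECOY)
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        candidate = _derive(password, bytes.fromhex(salt_hex), int(iterations))
        expected = bytes.fromhex(digest_hex)
    except (ValueError, OverflowError):
        return False  # malformed or tampered line: fail closed
    ok = hmac.compare_digest(candidate, expected)
    return ok and scheme == SCHEME and record is not _DECOY
```
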