At 04:58 PM 11/26/98 +0800, optima wrote:
>hellow friend
>I can use the runtime object to exec() a "ls".
>But I can't invoke the command "passwd "
>because it need to comfirm the passwd .how can I do
>thank my linux fan.
If you aren't using shadow passwords, you can just locate the password in
the password file, call crypt() with the clear-text password to get the
cyphertext and compare the cyphertext to what you got from /etc/passwd.
The passwd utility was designed to be used by users and to be as secure as
possible. Therefore, many tricks with redirecting i/o don't work. i.e. it
won't let you!
A note about crypt()... it needs a seed. The seed is stored in the first
[2] characters of the cyphertext in the password file.
I'm sure there is a similar approach that would support shadow passwords, I
just haven't had a chance to look it up, yet. If you need a complete
reference implementation, find the source code for "passwd". That is the
great part about being in open-software systems!
Douglas Toltzman
