On Fri, Nov 26, 1999 at 10:14:11AM -0600, scott.list wrote:
| What I REALLY want is to be able to check a users POP password/userid. Is
| there a way using telnet to port 109?
Of course (though 109 is pop2; pop3, on port 110, is the norm these days).
POP3 is a text protocol (like most sane protocols are, filesystem stuff aside).
| I get a prompt, I just don't know how
| to feed it a login/password. Would this work? how?
The spec is at:
http://www.FreeSoft.org/CIE/RFC/Orig/rfc1081.txt
Have a good read. You want the "USER" and "PASS" commands, but read the rest
anyway; it's a good simple protocol.
However, you can check a password against the crypt string more directly,
if you have access to it. (This is one way - you can find out if a
particular password matches the string in the password file, but not
backtrack from the string to the matching password.)
Look at:
http://www.zip.com.au/~cs/scripts/pwcrypt
for some example perl code to do something of that nature (I actually
use this to generate crypt strings for new users, but it's virtually
the same thing).
Of course, if _you_ know the user's password then by rights it should
be considered blown, and the user should pick a new password that
_nobody_but_them_ knows. What I usually do to check this is look at
the crypt string in the password file, eg:
9ho28hVlad2vo
and take the salt ("9h") and say
pwcrypt 9h
which runs the above perl script, and get the user to type in their
password while my eyes are averted (this is a basic courtesy a sysadmin
should acquire). Then if the result matches the crypt string, then
password they types matches the one the system believes.
--
Cameron Simpson, DoD#743 [EMAIL PROTECTED] http://www.zip.com.au/~cs/
No one's jumped off the top of the [Windows] building here, so I guess
that's a pretty good indicator that it can't be all that bad.
- Rob Bennett, Microsoft group product manager on Windows 98
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
