How do I get a user's password?



Traditionally, user passwords were kept in the `/etc/passwd' file
on most UNIX flavours. Its entries are usually of this format:



username:password:uid:gid:gecos field:home directory:login shell



This has changed with time, though: user information may now be kept on
other hosts, or not necessarily in the `/etc/passwd' file. Modern
implementations also make use of `shadow' password files, which hold the
password along with other sensitive information. Such a file is readable
only by privileged users.



The password is usually not in clear text, but encrypted due to security
concerns.



POSIX defines a suite of routines which can be used to access this
database for queries. The quickest way to get an individual record for a
user is with the getpwnam() and getpwuid() routines. Both
return a pointer to a struct passwd, which holds the user's information
in various members. getpwnam() accepts a string holding the
user's name, getpwuid() accepts a uid (type uid_t as
defined by POSIX). Both return NULL if they fail.



However, as explained earlier, a shadow database exists on most modern
systems to hold sensitive information, namely the password. Some systems
only return the password if the calling uid is that of the superuser, others
require you to use another suite of functions for the shadow password
database. If this is the case you need to make use of getspnam(),
which accepts a username and returns a struct spwd. Again, in order to
successfully do this, you will need to have privileges. (On some systems,
notably HP-UX and SCO, you may need to use getprpwnam() instead.)
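
The lookup order described above, as an added example that is not part of the original FAQ: getpwnam() first, then getspnam() when the passwd field holds only a placeholder. It assumes a system that provides <shadow.h> (Linux, for example) and that the placeholder is "x" or "*"; the names stored_password() and is_placeholder() are hypothetical.

```c
#include <pwd.h>
#include <shadow.h>   /* getspnam(): not POSIX; assumed available (e.g. Linux) */
#include <stdio.h>
#include <string.h>

enum pw_source { PW_NO_USER, PW_FROM_PASSWD, PW_FROM_SHADOW, PW_UNAVAILABLE };

/* Assumption: on shadowed systems the passwd field holds "x" or "*"
 * instead of the encrypted password. */
int is_placeholder(const char *field)
{
    return field == NULL || strcmp(field, "x") == 0 || strcmp(field, "*") == 0;
}

/* Copy the stored (encrypted) password for `user` into out and report
 * which database supplied it. out is left empty on failure. */
enum pw_source stored_password(const char *user, char *out, size_t n)
{
    struct passwd *pw;
    struct spwd *sp;

    if (n > 0)
        out[0] = '\0';
    pw = getpwnam(user);              /* NULL: no such user (or lookup error) */
    if (pw == NULL)
        return PW_NO_USER;
    if (!is_placeholder(pw->pw_passwd)) {
        snprintf(out, n, "%s", pw->pw_passwd);
        return PW_FROM_PASSWD;
    }
    sp = getspnam(user);              /* NULL without privilege or shadow entry */
    if (sp == NULL)
        return PW_UNAVAILABLE;
    snprintf(out, n, "%s", sp->sp_pwdp);
    return PW_FROM_SHADOW;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "no such user", "passwd", "shadow",
                                   "unavailable (need privileges?)" };
    char field[256];
    enum pw_source src = stored_password(argc > 1 ? argv[1] : "root",
                                         field, sizeof field);
    /* Report the source and field length only, never the field itself. */
    printf("source: %s, field length: %zu\n", names[src], strlen(field));
    return src == PW_NO_USER;
}
```

Run as an ordinary user on a shadowed system, this reports the password as unavailable; run with privileges, it reports the shadow database as the source.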





