[COMP] Re: perl crypt() and MD5?

Hi,

posted this to some other lists to no avail, 
what the heck ...

I've got my white hat on and have a small
script here for checking password integrity
with crypt().  Basically there is a box where
I gave a few accounts with default passwords
and want to make sure they changed them without
using chage.

It works fine on a debian box with DES passwds 
but there is a Mandrake machine I wanted to run
it on which uses MD5 instead.

I found PasswdMD5 at cpan and it is supposed
to be a dropin replacement for crypt() called
unix_md5_crypt().  Here is the very simple script:

#!/usr/bin/perl -w

use Crypt::PasswdMD5;

while(<>) {

@line = split(/:/, $_);

$user = $line[1];
$salt = substr($user, 0, 2);
chop($word = <STDIN>;

      if (unix_md5_crypt($word, $salt) eq $user) {
          print "$line[0]: yes\n";
      } else {
          print "$line[0]: no\n";
      }
}

.... this script works fine on a box with
DES using regular crypt(), all I did was replace 
crypt() with unix_md5_crypt() but still no joy
on an MD5 box.

One other thing - how insane would it be to 
later on extend this to a cgi that would allow 
people (who don't even know what 'shell' means)
to change their passwds via a webpage?

TIA,

-- 
Mark

Other related posts: