User Log-in/Sign-in
- PavelChekov
- Member
- Posts: 113
- Joined: Mon Sep 21, 2020 9:51 am
- Location: Aboard the Enterprise
User Log-in/Sign-in
Has anyone implemented a user log-in (ie: asking for a username and password), in their OSes? If so, how?
USS Enterprise NCC-1701,
The Final Frontier,
Space,
The Universe
Live Long And Prosper
Slava Ukraini!
Слава Україні!
The Final Frontier,
Space,
The Universe
Live Long And Prosper
Slava Ukraini!
Слава Україні!
Re: User Log-in/Sign-in
Sure, I have both a graphical and a TTY-based login.
They both work the same way. They run with privileges to change users and access the authentication database, and they prompt for a username and password (be sure not to display the actual password as it's typed!), and if the authentication information matches, they fork, switch to that user, and run the relevant graphical or shell-based session. And when the user is done and their session ends, the process begins anew.
They both work the same way. They run with privileges to change users and access the authentication database, and they prompt for a username and password (be sure not to display the actual password as it's typed!), and if the authentication information matches, they fork, switch to that user, and run the relevant graphical or shell-based session. And when the user is done and their session ends, the process begins anew.
- PavelChekov
- Member
- Posts: 113
- Joined: Mon Sep 21, 2020 9:51 am
- Location: Aboard the Enterprise
Re: User Log-in/Sign-in
Where do you store the passwords to check against?
USS Enterprise NCC-1701,
The Final Frontier,
Space,
The Universe
Live Long And Prosper
Slava Ukraini!
Слава Україні!
The Final Frontier,
Space,
The Universe
Live Long And Prosper
Slava Ukraini!
Слава Україні!
-
- Member
- Posts: 426
- Joined: Tue Apr 03, 2018 2:44 am
Re: User Log-in/Sign-in
Traditional UNIX location is in /etc/shadow (read restricted to root processes) or /etc/passwd (not a good idea, /etc/passwd needs to be world readable.)PavelCheckov wrote:Where do you store the passwords to check against?
The password can also be stored over the network, and can be authenticated locally or remotely.
The point being, there is no single place to store passwords. Most UNIX like systems use Pluggable Authentication Modules (PAM) to implement authentication, so the location of the password storage becomes a function of the PAM plug-in.
-
- Member
- Posts: 5567
- Joined: Mon Mar 25, 2013 7:01 pm
Re: User Log-in/Sign-in
Also, the password isn't stored. A hash of the password is stored, and the hash algorithm is chosen so that it should be difficult to figure out the password even if you know the hash.
Re: User Log-in/Sign-in
In classical Unixes the passwords were stored... and then later they were stored in an encrypted (recoverable!) form.
I've intentionally stuck with actually storing passwords in plain text as a clear indicator that the security of my OS is lacking and should not be assumed, though I did previously use SHA256 hashes in the past.
On the note of authentication, this is something POSIX specifically does not cover, so even if you're aiming for standard compliance you're open to do whatever you want. I hide away my authentication process into a library that has methods to verify credentials and assume an identity, and it gets used by the login apps as well as sudo.
I've intentionally stuck with actually storing passwords in plain text as a clear indicator that the security of my OS is lacking and should not be assumed, though I did previously use SHA256 hashes in the past.
On the note of authentication, this is something POSIX specifically does not cover, so even if you're aiming for standard compliance you're open to do whatever you want. I hide away my authentication process into a library that has methods to verify credentials and assume an identity, and it gets used by the login apps as well as sudo.