User Log-in/Sign-in

PavelChekov
Member
Posts: 113
Joined: Mon Sep 21, 2020 9:51 am
Location: Aboard the Enterprise

User Log-in/Sign-in

Post by PavelChekov »

Has anyone implemented a user log-in (i.e., asking for a username and password) in their OSes? If so, how?
USS Enterprise NCC-1701,
The Final Frontier,
Space,
The Universe

Live Long And Prosper

Slava Ukraini!
Слава Україні!
klange
Member
Posts: 679
Joined: Wed Mar 30, 2011 12:31 am
Libera.chat IRC: klange
Discord: klange

Re: User Log-in/Sign-in

Post by klange »

Sure, I have both a graphical and a TTY-based login.

They both work the same way. They run with privileges to change users and access the authentication database, and they prompt for a username and password (be sure not to display the actual password as it's typed!), and if the authentication information matches, they fork, switch to that user, and run the relevant graphical or shell-based session. And when the user is done and their session ends, the process begins anew.
PavelChekov
Member
Posts: 113
Joined: Mon Sep 21, 2020 9:51 am
Location: Aboard the Enterprise

Re: User Log-in/Sign-in

Post by PavelChekov »

Where do you store the passwords to check against?
thewrongchristian
Member
Posts: 426
Joined: Tue Apr 03, 2018 2:44 am

Re: User Log-in/Sign-in

Post by thewrongchristian »

PavelChekov wrote: Where do you store the passwords to check against?

The traditional UNIX location is /etc/shadow (read restricted to root processes) or /etc/passwd (not a good idea; /etc/passwd needs to be world readable).

The password can also be stored over the network, and can be authenticated locally or remotely.

The point being, there is no single place to store passwords. Most UNIX-like systems use Pluggable Authentication Modules (PAM) to implement authentication, so the location of the password storage becomes a function of the PAM plug-in.
Octocontrabass
Member
Posts: 5567
Joined: Mon Mar 25, 2013 7:01 pm

Re: User Log-in/Sign-in

Post by Octocontrabass »

Also, the password isn't stored. A hash of the password is stored, and the hash algorithm is chosen so that it should be difficult to figure out the password even if you know the hash.
klange
Member
Posts: 679
Joined: Wed Mar 30, 2011 12:31 am
Libera.chat IRC: klange
Discord: klange

Re: User Log-in/Sign-in

Post by klange »

In classical Unixes the passwords were stored... and then later they were stored in an encrypted (recoverable!) form.

I've intentionally stuck with actually storing passwords in plain text as a clear indicator that the security of my OS is lacking and should not be assumed, though I did previously use SHA256 hashes in the past.

On the note of authentication, this is something POSIX specifically does not cover, so even if you're aiming for standard compliance you're open to do whatever you want. I hide away my authentication process into a library that has methods to verify credentials and assume an identity, and it gets used by the login apps as well as sudo.