给定一个 linux 用户名和密码,我如何测试它是否是有效帐户?帐户、用户名、有效、密码

由网友(把心掐死算了)分享简介:所以我的问题很简单,给定一个 linux 用户名和密码,我如何测试它是否是一个有效帐户?So my question is straight forward given a linux username and a password how can I test if it is a valid account?推...

所以我的问题很简单,给定一个 linux 用户名和密码,我如何测试它是否是一个有效帐户?

So my question is straight forward given a linux username and a password how can I test if it is a valid account?



You can validate that a given password is correct for a given username using the shadow file.

在大多数现代发行版中,散列密码存储在影子文件/etc/shadow 中(只有 root 才能读取).以 root 身份,从给定用户的影子文件中提取该行,如下所示:

On most modern distributions, the hashed passwords are stored in the shadow file /etc/shadow (which is only readable by root). As root, pull the line from the shadow file for the given user like so:

cat /etc/shadow | grep username



用户名后面是 $1.这表明它是一个 MD5 散列.之后是另一个 $,然后(在这种情况下)TrOIigLp 后跟另一个 $.TrOIigLp 是盐.之后是散列密码,使用盐进行散列 - 在本例中为 PUHL00kS5UY3CMVaiC0/g0.

After the username there is $1. This indicates that it is an MD5 hash. After that there is another $, then (in this case) TrOIigLp followed by another $. TrOIigLp is the salt. After that is the hashed password, which was hashed using the salt - in this case PUHL00kS5UY3CMVaiC0/g0.

现在,您可以使用 openssl 使用相同的盐对给定密码进行哈希处理,如下所示:

Now, you can use openssl to hash the given password using the same salt, like so:

openssl passwd -1 -salt TrOIigLp

在提示时输入给定的密码,openssl 命令应该使用提供的 salt 计算 MD5 哈希,它应该与上述影子文件中的完全相同.上述命令中的 -1 用于 MD5 散列.

Enter the given password when prompted, the openssl command should compute the MD5 hash using the salt provided, and it should be exactly the same as the above from the shadow file. The -1 in the above command is for MD5 hashing.


