Martin v. Löwis
parent
abba5c067d
commit
37ead8f1c3
|
|
@ -17,6 +17,10 @@ the \UNIX{} man page for further details. Possible uses include
|
|||
allowing Python scripts to accept typed passwords from the user, or
|
||||
attempting to crack \UNIX{} passwords with a dictionary.
|
||||
|
||||
Notice that the behavior of this module depends on the actual implementation
|
||||
of the \manpage{crypt}{3}\index{crypt(3)} routine in the running system.
|
||||
Therefore, any extensions available on the current implementation will also
|
||||
be available on this module.
|
||||
\begin{funcdesc}{crypt}{word, salt}
|
||||
\var{word} will usually be a user's password as typed at a prompt or
|
||||
in a graphical interface. \var{salt} is usually a random
|
||||
|
|
@ -25,6 +29,10 @@ attempting to crack \UNIX{} passwords with a dictionary.
|
|||
set \regexp{[./a-zA-Z0-9]}. Returns the hashed password as a
|
||||
string, which will be composed of characters from the same alphabet
|
||||
as the salt (the first two characters represent the salt itself).
|
||||
|
||||
Since a few \manpage{crypt}{3}\index{crypt(3)} extensions allow different
|
||||
values, with different sizes in the \var{salt}, it is recommended to use
|
||||
the full crypted password as salt when checking for a password.
|
||||
\end{funcdesc}
|
||||
|
||||
|
||||
|
|
@ -40,7 +48,7 @@ def login():
|
|||
if cryptedpasswd == 'x' or cryptedpasswd == '*':
|
||||
raise "Sorry, currently no support for shadow passwords"
|
||||
cleartext = getpass.getpass()
|
||||
return crypt.crypt(cleartext, cryptedpasswd[:2]) == cryptedpasswd
|
||||
return crypt.crypt(cleartext, cryptedpasswd) == cryptedpasswd
|
||||
else:
|
||||
return 1
|
||||
\end{verbatim}
|
||||
|
|
|
|||
Loading…
Reference in New Issue