Get user and password after logging Linux SO under Java
[149 byte] By [jj_andradea] at [2007-11-27 8:33:54] 
Hello,i would really like to know how to get user and password after logging Linux SO under Java Programming?Regards,Jos?
after logging Linux SO under Java Programming?can you explain to me what you mean by this?
deAppela at 2007-7-12 20:30:03 >
Yes. First I work on medical application where my application creates some text files and access a servlet. I cant use database(to login in my application) because some over company restrictions . This password has to be the system's (user logged in ) password as per my employer. How do I access system( windows/ linux ) user's password? After the user has logged in, I want to access user's system password and set that password to my application's servlet.
have you got it?
Regards,
Jos?
jj_andradea at 2007-7-12 20:30:03 >
Sorry....i need just access system user's password under Linux only.Regards,Jos?
jj_andradea at 2007-7-12 20:30:03 >
Maybe you can use JAAS. Not sure. Never used it. http://java.sun.com/products/jaas/-Puce
Pucea at 2007-7-12 20:30:03 >
This all sounds very insecure. As far as I am aware there is no way to get a password because even in the most basic of unix/linux version the passwords are not stored on the system. Only a hash of the passwords is stored.
sabre150a at 2007-7-12 20:30:03 >
Hello!!I just need to access before the Linux system write to shadow file !!How to access at runtime this user and password?Regards,Jos?
jj_andradea at 2007-7-12 20:30:03 >
> Hello!!> I just need to access before the Linux system write> to shadow file !!> How to access at runtime this user and password?> Once again - you can't get access to the password since it is not stored anywhere.
sabre150a at 2007-7-12 20:30:03 >
hey jj,
there is no way to get users password in Linux unless you have the authority to read the shadow file(root privilege) and you use brute-force to get the password...
but it seems to me that you want your application to be accessed by some autherised people only from some restricted computers with login and password for users...
if this is the case i can suggest a way around it...
1. write your servlet in such a way that it will accept requests only from a list of IPs ( use ServletRequest.getRemoteAddr() ) and only from a list of users
2. access system username ( use System.getProperty() ) in your client-side application and use your application to make request with the system username that you got
hope this will help you...
regards
i_virus
i_virusa at 2007-7-12 20:30:03 >
> there is no way to get users password in Linux unless
> you have the authority to read the shadow file(root
> privilege) and you use brute-force to get the
> password...
The shadow file contains a hash of the password, not the password. The password is not stored anywhere on a unix/linux system. If it were this would be a big security hole.
sabre150a at 2007-7-12 20:30:03 >
> > there is no way to get users password in Linux unless
> > you have the authority to read the shadow file(root
> > privilege) and you use brute-force to get the
> > password...
>
> The shadow file contains a hash of the password, not
> the password. The password is not stored anywhere on
> a unix/linux system. If it were this would be a big
> security hole.
hey sabre,
when did i say that the shadow file contains the password... i said that you have to brute-force the shadow file to get the password which is absolutely possible... http://www.openwall.com/john/ and http://en.wikipedia.org/wiki/John_the_Ripper
regards
i_virus
Message was edited by:
i_virus
i_virusa at 2007-7-12 20:30:03 >
sabre and everyone,
i found out a good article under 'c' language that access under memory before write the shadow file and compare it with the password towards md5 hash.
i could imagine that it was possible because the SO salve under memory before write phisically.
Thanks,
Jos?
jj_andradea at 2007-7-12 20:30:03 >
Java Essentials New Topic
Java Essentials Hot Topic
Java Essentials
All Classified
- Archived Forums
- Enterprise & Remote Computing
- Java Essentials
- Desktop
- Core
- Solaris Operating System
- Security
- Database Connectivity
- Java Mobility Forums
- Web & Directory Servers
- Development Tools
- Application & Integration Servers
- Java HotSpot Virtual Machine
- Other Topics
- E-Mail, Calendar, & Collaboration
- Developer Tools
- General
- Administration Tools
- Sun Hardware
- Storage Forums
- Java Enterprise System
- StarOffice
- Open Source Technologies
- BigAdmin
- Real-Time
- Java Coding