Re: Non-interactive password check
On Wed, 2001-11-28 at 06:37, Alexander Steinert wrote:
> > > On session start the user sends his login name and the password for the
> > > remote account. I want to check the authenticity by something like
> > > trying to ssh into the remote account and immediately logout again. The
> > > unix user doing this is the owner of the apache process.
> >
ssh is an ugly solution, as the user will have a login for his account,
which can make them weirded out.
try logging in over pop or imap instead. You can
use IO::Socket;
my $socket=IO::Socket::INET->new(PeerAddr => $host,
PeerPort => 'pop3(110)',
Proto => 'tcp');
unless ($socket and (<$socket>=~/^\+OK/)) {
restrict_err("Couldn't connect to $host")
}
print $socket "USER ", $cgi->param('login'), "\r\n";
unless (<$socket>=~/^\+OK/) {
restrict_err("Couldn't login to $host")
}
print $socket "PASS ", $cgi->param('pass'), "\r\n";
my $message = <$socket>;
print $socket "QUIT\r\n";
$socket->close;
if ($message=~/^\+OK/) {
return 1;
}
return 0;
i.e. failed b/c fell off
Reply to: