OSDev.org

The Place to Start for Operating System Developers
It is currently Thu Mar 28, 2024 1:03 pm

All times are UTC - 6 hours




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: User Log-in/Sign-in
PostPosted: Sun Aug 29, 2021 3:13 pm 
Offline
Member
Member
User avatar

Joined: Mon Sep 21, 2020 9:51 am
Posts: 100
Location: Aboard the Enterprise
Has anyone implemented a user log-in (ie: asking for a username and password), in their OSes? If so, how?

_________________
USS Enterprise NCC-1701,
The Final Frontier,
Space,
The Universe

Live Long And Prosper

Slava Ukraini!
Слава Україні!


Top
 Profile  
 
 Post subject: Re: User Log-in/Sign-in
PostPosted: Sun Aug 29, 2021 5:56 pm 
Offline
Member
Member

Joined: Wed Mar 30, 2011 12:31 am
Posts: 676
Sure, I have both a graphical and a TTY-based login.

Image

Image

They both work the same way. They run with privileges to change users and access the authentication database, and they prompt for a username and password (be sure not to display the actual password as it's typed!), and if the authentication information matches, they fork, switch to that user, and run the relevant graphical or shell-based session. And when the user is done and their session ends, the process begins anew.

_________________
toaruos on github | toaruos.org | gitlab | twitter | bim - a text editor


Top
 Profile  
 
 Post subject: Re: User Log-in/Sign-in
PostPosted: Tue Aug 31, 2021 2:57 pm 
Offline
Member
Member
User avatar

Joined: Mon Sep 21, 2020 9:51 am
Posts: 100
Location: Aboard the Enterprise
Where do you store the passwords to check against?

_________________
USS Enterprise NCC-1701,
The Final Frontier,
Space,
The Universe

Live Long And Prosper

Slava Ukraini!
Слава Україні!


Top
 Profile  
 
 Post subject: Re: User Log-in/Sign-in
PostPosted: Tue Aug 31, 2021 5:55 pm 
Offline
Member
Member

Joined: Tue Apr 03, 2018 2:44 am
Posts: 401
PavelCheckov wrote:
Where do you store the passwords to check against?


Traditional UNIX location is in /etc/shadow (read restricted to root processes) or /etc/passwd (not a good idea, /etc/passwd needs to be world readable.)

The password can also be stored over the network, and can be authenticated locally or remotely.

The point being, there is no single place to store passwords. Most UNIX like systems use Pluggable Authentication Modules (PAM) to implement authentication, so the location of the password storage becomes a function of the PAM plug-in.


Top
 Profile  
 
 Post subject: Re: User Log-in/Sign-in
PostPosted: Tue Aug 31, 2021 6:43 pm 
Offline
Member
Member

Joined: Mon Mar 25, 2013 7:01 pm
Posts: 5100
Also, the password isn't stored. A hash of the password is stored, and the hash algorithm is chosen so that it should be difficult to figure out the password even if you know the hash.


Top
 Profile  
 
 Post subject: Re: User Log-in/Sign-in
PostPosted: Tue Aug 31, 2021 7:06 pm 
Offline
Member
Member

Joined: Wed Mar 30, 2011 12:31 am
Posts: 676
In classical Unixes the passwords were stored... and then later they were stored in an encrypted (recoverable!) form.

I've intentionally stuck with actually storing passwords in plain text as a clear indicator that the security of my OS is lacking and should not be assumed, though I did previously use SHA256 hashes in the past.

On the note of authentication, this is something POSIX specifically does not cover, so even if you're aiming for standard compliance you're open to do whatever you want. I hide away my authentication process into a library that has methods to verify credentials and assume an identity, and it gets used by the login apps as well as sudo.

_________________
toaruos on github | toaruos.org | gitlab | twitter | bim - a text editor


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 59 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group