I don't see a "quick and dirty" answer, so I'll post my solution:
One line
openssl recent enough
userline=$(sudo awk -v u=$user -F: 'u==$1 {print $2}' /etc/shadow); IFS='$'; a=($userline); [[ "$(printf "${pass}"|openssl passwd -"${a[1]}" -salt "${a[2]}" -stdin)" = "${userline}" ]]
with perl
user="user1";pass="eeeeee";userline="$(awk -v u="$user" -F: 'u==$1 {print $2}' /etc/shadow)"; a="$(echo "$userline"|grep -Eo '^\$.*\$.*\$')"; [[ "$(perl -e "print crypt('${pass}', '${a}')")" = "${userline}" ]]
In both case, it's a one-liner that returns 0 if the supplied password is correct.
You need three things:
- Set the variable "$user"
- Ensure that the user exists in the
/etc/shadow(e.g.,if ! grep -q $user /etc/shadow; then return 1; fi) - Set the variable "$pass"
Some explanations
- First get the shadow line of the user
- Split it on
$ - Use the
opensslcommand to generate the string from the supplied password - Check if the generated string matches the stored one
