Recipe 15.10 Reading Passwords

15.10.1 Problem

You want to read input from the keyboard without the keystrokes being echoed on the screen. For instance, you want to read passwords as passwd does, i.e., without displaying the user's password.

15.10.2 Solution

Use the CPAN module Term::ReadKey, set the input mode to noecho, and then use ReadLine:

use Term::ReadKey; ReadMode('noecho'); $password = ReadLine(0);

15.10.3 Discussion

Example 15-3 shows how to verify a user's password. If your system uses shadow passwords, only the superuser can get the encrypted form of the password with getpwuid. Everyone else just gets * as the password field of the database, which is useless for verifying passwords.

Example 15-3. checkuser

  #!/usr/bin/perl -w   # checkuser - demonstrates reading and checking a user's password      use Term::ReadKey;      print "Enter your password: ";   ReadMode 'noecho';   $password = ReadLine 0;   chomp $password;   ReadMode 'normal';      print "\n";      ($username, $encrypted) = ( getpwuid $<)[0,1];      if (crypt($password, $encrypted) ne $encrypted) {       die "You are not $username\n";   } else {       print "Welcome, $username\n";   }

15.10.4 See Also

The documentation for the Term::ReadKey module from CPAN; the crypt and getpwuid functions in Chapter 29 of Programming Perl and in perlfunc(1), which demonstrate using the stty(1) command; your system's crypt(3) and passwd(5) manpages (if you have them)