From: evansmp@uhura.aston.ac.uk (Mark Evans) Subject: Re: Dangers of password shadowing Date: Fri, 14 May 1993 16:30:41 GMT
Helmut Springer (HELMUT@cip.physik.uni-stuttgart.de) wrote:
: In <1993May13.182744.26002@aston.ac.uk> evansmp@uhura.aston.ac.uk writes:
:
: > : Now the problem: The normal /etc/passwd file now looks like this:
: > :
: > : username::uid:gid:real name:home:shell
: > :
: > : Programs like passwd, that use the new system call getspnam know
: > : that this means shadowing and look up the password in /etc/shadow.
: > : Old programs, that still use getpwnam, think: "Oh, there is no pass-
: > : word set, so let 'em in !"
: >
: > Which is why it should look something like.
: > username:*:uid:gid:real name:home:shell
: >
: > Which will result in anyone using the old routines being disallowed access.
: right, I had allready changed this....
:
: But wouldn't it be good to have the call getspwname() look up
: the password in /etc/shadow ? Then all programs using this need not
: to be changed to get the passwd from /etc/shadow and all other
: informations from /etc/passwd (we just ported popper to linux
: and had to do this)...
Tell this to H Lu, then it can be put in lib c.
What would be best is to have code which would check in /etc/shadow,
then in /etc/passwd if it wasn't in /etc/shadow (or /etc/shadow wasn't
there) thus making the procedure transparent.