Unix security additions
John Tamplin
jat at xavax.com
Mon Mar 18 13:09:55 AEST 1991
In article <19099 at rpp386.cactus.org> jfh at rpp386.cactus.org (John F Haugh II) writes:
>>o Getting the passwords where they can't be publically read
>
>This was done for AIX v2, but has also been done with SVR3.2 and
>BSD. No one has solved certain problems with transparency - that
>is, making shadowed passwords look and feel like old-style
>publically readable passwords. This means all the programs that
>used to think pw_passwd was valid are wrong ;-(. Making matters
>worse, AT&T, BSD, and IBM all fail to converge on a single
>mechanism (and AT&T fails to agree on a single file format for
>there various releases). So you have a non-standard,
>non-transparent feature ...
I am using a SVR3.2.2 system with shadowed passwords, and the interface
provided is getspent() etc. After hacking one too many programs to use the
new library calls to get the password, I decided the best way to solve the
problem was to have getpwent() look up pw_passwd in the shadow file iff
euid=root. This way, programs that are supposed to have access have it in
the same old fashion, and programs that don't get some nonsense password
(either ! or x in the implementations I have seen).
Maybe one of these days I will get around to actually writing this.
--
John Tamplin Xavax
jat at xavax.COM 2104 West Ferry Way
...!uunet!xavax!jat Huntsville, AL 35801
More information about the Comp.unix.admin
mailing list