Don't touch the password file yourself. You will break on systems that use
MD5 passwords (or SRP, etc), like most modern distros should if they have
any wish for security.
Checkout pam.
On Thu, 16 Mar 2000, Adrian Cho/OTT/OTI wrote:
> Hi
>
> I am having considerable trouble trying to authenticate shadow passwords on
> Linux. We have a program that ships on Solaris, HP-UX and AIX. For each
> platform we have a different version of the executable that authenticates
> using shadow passwords. For Linux we are trying to do the same thing. The
> standard version of the program works fine but the shadow version fails
> when it attempts to authenticate a user. We are using the 'standard' stuff
> of getspnam() and crypt() to encrypt the password and compare it to the
> sp_pwdp field. We wrap this with seteuid(getuid()), etc. This code works
> fine on other platforms.
>
> I am trying to test on Red Hat machines running 2.2.5-15. These machines
> were installed with shadowing (apparently the folks who installed them just
> answered yes to shadowing). The /etc/passwd and /etc/shadow certainly
> indicates that there is some shadowing. From my reading there are multiple
> ways of supporting shadow passwords on Linux but I believed that RedHat
> supported PAM. However I can not find any evidence that PAM is installed
> on these machines. Any PAM files are not there. I also see that there is
> a Shadow Suite for Linux but again there is no evidence that this is what
> is being used on these machines.
>
> Can anybody help me out here?
>
> Thanks
>
> Adrian
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Mar 23 2000 - 21:00:23 EST