Password Verification

[IBM]

In article <16390 at smoke.brl.mil> somsky at brl.mil (William R. Somsky) writes:
>I'd like to put 'xlock' onto our systems, but I'm having difficulty
>with the unlock user verification part.  What xlock normally does is ask
>for the user's password and compares this (via the appropriate encryption
>routines) with the entry found in /etc/passwd.  With the passwords stored
>in /etc/security/passwd, however, this fails.  Has anyone worked this out?
>Should I make xlock be suid root?      What would be needed to read the
>/etc/security/passwd file?      For getting the info out of /etc/passwd,
>there is some library routin (I forget the name just now) which reads
>the /etc/passwd file and extracts the relevant information.  Is there
>an appropriate function for the /etc/security/passwd file?      Does anyone
>have any suggestions?  (And yes, I've already dealt with Ctl-Alt-Backspace.)
>William R. Somsky                                      somsky at brl.mil

The following are the modifications I made to the code.

modified xlock.c getPassword() to read:

    XWindowAttributes xgwa;
    int         y,		/* moved the int declaration aft xgwa */
                left,
                done;
#ifdef _AIX
    uid_t uuid;
    char user[10];
    uuid = getuid();
    pw = getpwuid(uuid);
    strcpy(user,pw->pw_name);
    strcpy(userpass, pw->pw_passwd);
#else
    char       *user = getenv(USERNAME);
#endif
..
..
..
/* added if not def since user and userpass was set at start of getPassword */
#ifndef _AIX
    pw = getpwnam(user);
    strcpy(userpass, pw->pw_passwd);
#endif


===============================================================
Thomas Y. Li                 Email: tli at nycvmic4.iinus1.ibm.com
IBM Corporation                     tli%nycvmic4 at iinus1.ibm.com
33 Maiden Lane  10th Floor          tli at morgan.com
New York, NY  10038
(212) 493-2516 T/L 340       VNET:  tli at nycvmic4