Using "getpwent" in SYSV/386

david newall CCDN at levels.sait.edu.au
Tue Nov 21 05:07:35 AEST 1989


In article <11633 at smoke.BRL.MIL>, gwyn at smoke.BRL.MIL (Doug Gwyn) writes:
> In article <785 at ctdi.UUCP> mikei at ctdi.UUCP (Mike Israel) writes:
> -This particular version of Unix stores encrypted passwords
> -in a file called /etc/shadow.  Is there an existing function
> -to access the encrypted password?
>
> NO, that's the whole point of having /etc/shadow.

I'm most surprised to hear Doug claiming that the purpose of /etc/shadow
is so that "encrypted" passwords can't be easily accessed.  I'm sure that
no such thing is the case.

The purpose of the shadow password file is so that unprivileged processes
cannot access the "encrypted" password.  That's a security consideration.
(I personally feel that even unprivileged processes can have some need to
authenticate arbitrary users; and that having them type their password is
a reasonable authentication scheme.  But that's another issue.)

The purpose of /etc/shadow is NOT to make it inconvenient to access this
data, assuming you have permission to access it.  I would have thought it
reasonable for getpwent to fill in the pw_passwd field if it was invoked
by root.  Alternatively, I would have thought "getshadowent" routines would
have been provided (for the exclusive use of root processes).


David Newall                     Phone:  +61 8 343 3160
Unix Systems Programmer          Fax:    +61 8 349 6939
Academic Computing Service       E-mail: ccdn at levels.sait.oz.au
SA Institute of Technology       Post:   The Levels, South Australia, 5095
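
An added example, not part of the original post: on a system that ships `<shadow.h>` (Linux with glibc is assumed), `getspnam()` fills the role of the "getshadowent" routines suggested above, and this check shows the permission boundary as seen by the calling process without exposing any hash. The names `password_source` and `is_placeholder`, and the "x" placeholder convention, are assumptions of the example.

```c
/* Added example: assumes Linux/glibc, which provides <shadow.h>. */
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum pw_source {
    PW_NO_SUCH_USER,    /* getpwnam() found no entry */
    PW_INLINE,          /* pw_passwd holds the real field: not shadowed */
    PW_SHADOW_DENIED,   /* shadowed, and this process may not read it */
    PW_SHADOW_READABLE  /* shadowed, and getspnam() returned the entry */
};

/* A shadowed account carries a short placeholder in pw_passwd instead of
 * the password field. "x" is assumed here; other systems use other markers. */
static int is_placeholder(const char *field)
{
    return field != NULL && strcmp(field, "x") == 0;
}

/* Report where the password field for `user` lives, from the point of view
 * of the calling process. The field's contents are never returned. */
enum pw_source password_source(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return PW_NO_SUCH_USER;
    if (!is_placeholder(pw->pw_passwd))
        return PW_INLINE;
    /* getspnam() reads the shadow database; it returns NULL when the
     * caller lacks permission to read /etc/shadow. */
    struct spwd *sp = getspnam(user);
    return sp != NULL ? PW_SHADOW_READABLE : PW_SHADOW_DENIED;
}

int main(void)
{
    static const char *names[] = {
        "no such user", "inline in passwd", "shadow: denied", "shadow: readable"
    };
    const char *user = "root";  /* sample account name for the check */
    printf("euid=%ld %s -> %s\n", (long)geteuid(), user,
           names[password_source(user)]);
    return 0;
}
```

Run once as an ordinary user and once as root: the first run should report "shadow: denied" and the second "shadow: readable" on a system that shadows its passwords.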


