[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Alex, help with login? (Was: PAMified login?)



Marek Michalkiewicz writes:
>Why does chfn or chsh need to know antything about PAM?

If the shadow chfn and chsh don't authenticate the user,
I'm not touching them with a 10-foot pole.  The util-linux
chfn and chsh authenticate the user before allowing the user
to change anything.

>The problem is that all programs which modify password files
>should use the same locking to prevent concurrent updates.

That doesn't require changing programs, it requires a standard
for locking and making sure that every program agrees with it.

>(3) libc-5.3.5 or newer has lckpwdf() and ulckpwdf() implemented
>using a fcntl lock on /etc/.pwd.lock (if the file doesn't exist,
>it is created).  This is the standard way to lock the password
>files on SysV-based systems (at least Solaris 2.x and SCO).
>No problems with invalid locks (removed by the kernel when the
>process dies without calling ulckpwdf()).

Since this is standard on other systems, and there doesn't seem
to be a real standard yet for Linux, it seems to me that it would
make sense to adopt it.  Anyone running all-NFS systems already
has enough problems that not locking /etc/ won't be a problem, and
the right way to fix that is for Jeff and Olaf to finish lockd...  :-)

>util-linux equivalents).  (3) is probably ideal, but no
>programs use it yet, and libc-5.[34].x is still beta.

As long as we are changing programs, it makes sense to change them
to (3), and we can always cut the code for lckpwdf() and ulckpwdf()
out and use it in a separate library (libmisc, whenever it gets
renamed, I imagine) on systems with libc < 5.3.5

michaelkjohnson

"Ever wonder why the SAME PEOPLE make up ALL the conspiracy theories?"




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []