[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: shadow-960910



On Fri, 13 Sep 1996, Cristian Gafton wrote:

> That are hardly to call shadow-utils ! They are conversion programs. Few 
> lines of code. All the hard work which was done on shadow is missed. 
> Let's talk about login, passwd, su, sg, user{add,mod,del}, 
> group{add,mod,del}, chage. Etc.

login, passwd, & su are already there. sg == newgrp, no? adduser now knows
about /etc/shadow. As for usermod & del, and groupadd, mod, and del, that
just hasn't been there :( Deleting users & groups is really best left up
to being done by hand, though - if it isn't things can often get left
lying around with the uid/gid attached to them. It's hard to completely
erase the traces of a user/group from a system.

> I don't want to be rude, but providing 
> only conversion programs is hard for me to call it as 'shadow support' 
> Yes, you can read /etc/shadow, so ?

being able to read /etc/shadow is 9/10ths of the equation. Password aging
is nice too, and is supported AFAIK. The only part is having to edit
/etc/shadow to manually set the # of expiration days.

> As long as you don't provide those 
> needing shadow on their support on their systems wirth the tools to 
> maintain the shadow file, you don't have complete shadow support. What's 
> wrong with chage ? It does not need PAM.

chage was probably an oversight.

> So user{add,mod,del}, so 
> group{...}, the same holds true for gpasswd.

adduser does shadow. Also the usercfg X tool does shadow. I don't think
usercfg allows you to reset password aging & etc. - I'm not sure tho.

> Well login,su,passwd need 
> to be PAMified, but other utils don't need that. What gives ?

There are a lot of things in there that are just irrelevant - logoutd for
example...

> I am using shadow. You provide me with conversion programs. I have a 
> user which come to me and tell me his password is expired. I know about 
> shadow and wht the fields in /etc/shadow stands for. So I fire up vi on 
> /etc/shadow. But the newcomer joe admin ? 

Newcomer joe admin would be frightened by /etc/shadow at all ;-)

> Oh yeah, I know Rembrandt is still BETA. To read from you READMES: "... 
> will create /etc/shadow with aging disabled..." Is this the Right Way 
> (tm) to support shadow ? Give up to one of the strongest features ? I 
> know your PAM supports well aging. But again, that's me, you, few others. 
> Newcomer joe admin is lost in space. Tell me that I'm wrong with this...

Not everyone's perfect or has a perfect amount of time for all these
things that need to be done ;-) Thanks for what you've done so far.
There's more work to be done to get PAM to where it's going to be, of
course...

Hope this helps,

-- Elliot

"Have you ever had a microchip implanted in your skull so the government
can keep track of your every move? You will! And the company that will
bring it to you is AT&T"





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []