[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Unix password "extensions"?



On Thu, 19 Oct 2000, Joseph S D Yao wrote:

> On Thu, Oct 19, 2000 at 02:21:09PM -0400, Nalin Dahyabhai wrote:
> > On Thu, Oct 19, 2000 at 10:57:56AM -0400, Joseph S D Yao wrote:
> > > These "extensions" date back to the late 1970's and PWB Unix 1.0.  They
> > > relate to password aging.  The passwords use regular crypt().  If your
> > > getpw*() functions don't terminate at the comma, then you can either use
> > > strncmp() or replace the commas with NULs in-line [but beware of any
> > > other problems that may cause].

> > Since originally looking at it, I've noticed that it's easier to use
> > strncmp() than attempting to terminate the string in the right place.

> IMHO, that should work just fine.  You are dealing with a fixed-length
> field, here.

> As long as you are only using it for the one style of passwd entries.

As pam_unix is intended to be a general-purpose module for unix-style
authentication, it's best to avoid a solution that locks us in to one
particular type of password.  A better option would be to encrypt the
plaintext password with the salt, check the length of the resulting string,
and use that as the length argument to strncmp().

Steve Langasek
postmodern programmer





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []