[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

pwdb breakage

Well, pwdb/pam_pwdb appear to be very broken.  I'm dealing with
pwdb 0.54 preC and pam 0.57 as we shipped with Red Hat Linux 4.2 --
if any of these bugs have been fixed since, please kindly tell
me...  :-)  Thanks!

First, try this:  for some user, put a password field of
 x in /etc/passwd
 * in /etc/shadow
This means that (x) shadow should hold the password, and (*) that
the password is locked.  Now use passwd <user> to set that user's
password.  The password will be put in /etc/passwd instead of
/etc/shadow.  (If you use the "shadow" argument to /etc/passwd,
it does put the entry in /etc/shadow, but it does so unconditionally,
which is also not standard shadow password behavior.)

In general, it appears that if /etc/shadow contains a * password,
the password is modified in /etc/passwd instead.

If /etc/passwd contains a * (not x) password, that means that the
account should be locked, and /etc/shadow should not be consulted
for that user.  Instead, it is ignored, and /etc/shadow is consulted.

Andrew, I know that there was one problem that you found that I couldn't
reproduce; was it related to any of these?

There are also endianness dependencies in pwdb that Erik is looking into.


"Magazines all too frequently lead to books and should be regarded by the
 prudent as the heavy petting of literature."            -- Fran Lebowitz

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []