
Re: pwdb breakage

On Sat, 31 May 1997, Kirk Bauer wrote:

> I'm here to help if it is needed for the weekend...  Unfortunately,
> I don't know a whole lot about PAM, but I can try out patches..


> Okay, it looks like you are saying that these Shadow/Passwd problems are
> from a poor configuration on Red Hat's part...

At least this is my opinion.

> Well, to make a point in this whole email -- I definitely do *not*
> like this behavior.  I guess the answer is to pass the 'shadow' arg
> to the pam_pwdb module (as you said above).  Pardon my ignorance here,
> but will always passing the 'shadow' arg to the pam_pwdb module affect
> people that *don't* use shadow passwords in an adverse way?

Depends on what you mean by 'adverse way'. What we did with pam_pwdb is to
try to make it 'smart' enough to allow it to work in both shadowed and
non-shadowed environments. A nice idea coming out was the possibility to
have it shadow /etc/passwd on the fly and vice-versa, unshadow systems on the
fly. You'll have to tell it what to do: shadow or not. 

If _without_ shadow argument, pam_pwdb will read the /etc/shadow if
present and honor that. But when it comes to changing the passwords, it is
hard to determine if you want to keep shadow or you want to unshadow your
system. So at this point, _if you are running shadow and intend to keep it
that way_ you will have to provide the 'shadow' argument.

I agree that the current behavior is not what some people expect; the same
is true for the 'md5' argument - it will read/honor finely the md5
passwords if not given this argument; however, when changing passwords it
will convert them back to standard DES encryption if you don't use the md5
argument. I think the behavior is consistent, at least at this stage.

I am ready to take people's suggestions on how to make it work in such a way
that it will meet more % of people's expectations - I am ready to change the
default behavior a bit, but please keep in mind that 'shadowing on the
fly' and 'unshadowing on the fly' are features in there to stay.

Best wishes,
		Cristian Gafton
Cristian Gafton                                    gafton@sorosis.ro
Computers & Communications Center              Network Administrator
http://www.sorosis.ro/~gafton                          Iasi, Romania
UNIX is user friendly. It's just selective about who its friends are.
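
Added example, not part of the original message and not pam_pwdb's own code: a small audit that compares how password hashes are stored today with the arguments on the pam_pwdb `password` line, flagging the two mismatches described above (a shadowed system without `shadow`, MD5 hashes without `md5`). It assumes the /etc/pam.d line layout (type, control, module, args), the `x` placeholder in /etc/passwd and the `$1$` MD5 prefix; all sample file contents are constructed.

```python
import os

# Constructed sample inputs (assumptions for illustration, not from a real system).
PAM_PASSWD = """\
# /etc/pam.d/passwd style: type control module args
auth      required  /lib/security/pam_pwdb.so shadow nullok
password  required  /lib/security/pam_pwdb.so use_authtok nullok
"""
PASSWD = "root:x:0:0:root:/root:/bin/bash\nkirk:x:500:500::/home/kirk:/bin/bash\n"
SHADOW = ("root:$1$abcdefgh$constructedhashvalue00:10000:0:99999:7:::\n"
          "kirk:Xy3constructed:10000:0:99999:7:::\n")

def pwdb_password_args(pam_text):
    """Return the argument set of every 'password' line that uses pam_pwdb."""
    found = []
    for line in pam_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 3 and fields[0] == "password":
            if os.path.basename(fields[2]).startswith("pam_pwdb"):
                found.append(set(fields[3:]))
    return found

def audit(pam_text, passwd_text, shadow_text):
    """Compare current hash storage with what pam_pwdb is told to write."""
    pw_fields = [l.split(":")[1] for l in passwd_text.splitlines() if l.count(":") >= 6]
    sh_fields = [l.split(":")[1] for l in shadow_text.splitlines() if ":" in l]
    # Shadowed: a shadow file has entries and passwd holds the 'x' placeholder.
    shadowed = bool(sh_fields) and any(f == "x" for f in pw_fields)
    # MD5 in use: any stored hash carries the $1$ prefix.
    uses_md5 = any(f.startswith("$1$") for f in pw_fields + sh_fields)
    findings = []
    for args in pwdb_password_args(pam_text):
        if shadowed and "shadow" not in args:
            findings.append("shadowed system, 'shadow' arg missing on password line")
        if uses_md5 and "md5" not in args:
            findings.append("MD5 hashes in use, 'md5' arg missing: changes revert to DES")
    return findings

if __name__ == "__main__":
    for finding in audit(PAM_PASSWD, PASSWD, SHADOW):
        print("WARN:", finding)
```

The `auth` line in the sample carries `shadow`, but only `password` lines are audited, since the message describes the problem as arising when passwords are changed.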
