[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: password file locking



Solar Designer wrote:
> 
> Hi,
> 
> In recent Linux distributions, we have at least the following
> packages that write to /etc/passwd:
> 
> 1. pwdb (provides libpwdb, which is used by pam_pwdb).
> 2. pam_unix (included with Linux-PAM).
> 3. util-linux (provides chsh, chfn).
> 4. shadow-utils (provides useradd and the like).
> 
> Only #1 and #4 use compatible locking.
> 
> All of these are found on at least RH 6.x.  pam_unix isn't used by
> default, but is often recommended on pam-list and apparently is
> going to replace pam_pwdb in RH 7.x.
> 
> Solutions?
> 1. Move to a more consistent system.  Bonus: consistent man pages.
> 2. Patch util-linux, patch pam_unix.
> 3. Patch util-linux, don't use pam_unix.
> 4. Use the versions of chsh and chfn provided with shadow-utils
> rather than ones provided with util-linux (any particular reason RH
> prefers the util-linux versions?).  Don't use pam_unix.

I'm now loking to locking code in pam_unix (I tries to "reimplement"
current pam_unix now, as I already said in pam-list).  And this is
exactly the question triggered when I tried to compare locking in
different modules/utils...  And I plan to "patch pam_unix" (one of
your variants), i.e. to write is so it will be compatible with pam_pwdb
and shadow_utils.

But it should take some time for me to finish things, and also will be
a lot of time while new code will (well, if it will be tried/considered
at at all) be tested/accepted...

BTW, RedHat already switched to pam_unix in beta7.

Regards,
 Michael.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []