Re: perl or libc6 bug?: getpwnam('root') in NIS environment
On Wed, Apr 14, 1999 at 09:10:35AM -0700, Ben Gertzfield wrote:
> >>>>> "Heiko" == Heiko Schlittermann <heiko@datom.de> writes:
>
> Heiko> #! /usr/bin/perl print (getpwnam('root'))[1], "\n";
>
> Heiko> returns the root encrypted password from the NIS-Servers
> Heiko> /etc/shadow ...!!
>
> Are you not running this as root? What exactly do you mean by
> "the NIS server's /etc/shadow"? I wasn't aware that there was a
> way of doing shadow over NIS.
on our solaris network, the workstations have shadow passwords but the NIS
map doesn't (i.e. ypmatch root passwd returns the hash), which seems a bit
pointless to me..
> Alternatively, do a 'ypmatch root passwd' and see if you get the
> hashed password.
<mainly to the original author:>
remember that getpwnam() refers through /etc/nsswitch.conf first. If you've
set "passwd: files nis", you can get a different result doing "print
((getpwnam('root'))[1])" as from "ypmatch root passwd", if you run perl from
a machine with shadow passwords without the perl process having shadow group
privilege. (I certainly don't think it's a problem in perl, I imagine it's
just returning results from getpwnam(3)...)
shadow passwords and NIS don't mix well. Design problem with NIS- there's no
way for the NIS server to know if a client is privileged to see the
encrypted password or not, so it's always got to be put in.
All AFAIK, JMHO, HTH, YMMV, HAND.
SRH
--
Steve Haslam, Validation Engineer, ARM Ltd, Cambridge UK +44-1223-400677
steve.haslam@arm.com steve@arise.demon.co.uk araqnid@debian.org
www.arise.demon.co.uk 8410 63C6 5821 1A2E BB26 E98F 8F16 B533 AF99 D43A
A4 5D 30 2C EE CB 41 24 A7 9E DF E3 74 E8 2E 5B @ http://wwwkeys.pgp.net/
Reply to: