Re: perl or libc6 bug?: getpwnam('root') in NIS environment
On Wed, Apr 14, 1999 at 09:10:35AM -0700, Ben Gertzfield wrote:
> >>>>> "Heiko" == Heiko Schlittermann <firstname.lastname@example.org> writes:
> Heiko> #! /usr/bin/perl print (getpwnam('root')), "\n";
> Heiko> returns the root encrypted password from the NIS-Servers
> Heiko> /etc/shadow ...!!
> Are you not running this as root? What exactly do you mean by
> "the NIS server's /etc/shadow"? I wasn't aware that there was a
> way of doing shadow over NIS.
on our solaris network, the workstations have shadow passwords but the NIS
map doesn't (i.e. ypmatch root passwd returns the hash), which seems a bit
pointless to me..
> Alternatively, do a 'ypmatch root passwd' and see if you get the
> hashed password.
<mainly to the original author:>
remember that getpwnam() refers through /etc/nsswitch.conf first. If you've
set "passwd: files nis", you can get a different result doing "print
((getpwnam('root')))" as from "ypmatch root passwd", if you run perl from
a machine with shadow passwords without the perl process having shadow group
privilege. (I certainly don't think it's a problem in perl, I imagine it's
just returning results from getpwnam(3)...)
shadow passwords and NIS don't mix well. Design problem with NIS- there's no
way for the NIS server to know if a client is privileged to see the
encrypted password or not, so it's always got to be put in.
All AFAIK, JMHO, HTH, YMMV, HAND.
Steve Haslam, Validation Engineer, ARM Ltd, Cambridge UK +44-1223-400677
email@example.com firstname.lastname@example.org email@example.com
www.arise.demon.co.uk 8410 63C6 5821 1A2E BB26 E98F 8F16 B533 AF99 D43A
A4 5D 30 2C EE CB 41 24 A7 9E DF E3 74 E8 2E 5B @ http://wwwkeys.pgp.net/