Re: Shadow question
You (Bruce Perens) wrote:
> We can switch to using shadow passwd enabled executables right after the 1.1
> release .
>
> I don't understand why this isn't simply a change to getpwent() in libc. Why
> is it necessary to change the function name?
Ah, that's called automatic shadow compatibility. You can build libc with
it if you want. It is a bad idea, because for every getpw*() you'll have
to do a matching getsp*(). That slows programs down enormously, and 99%
of the time they don't need the extra information anyway.
Shadow should have been designed so that the /etc/shadow file was a
superset of /etc/passwd. That way you'd use the shadow file when
priviliged and /etc/passwd when not, like FreeBSD with its /etc/passwd
and /etc/master.passwd.
We could do better than shadow, but otoh that maybe isn't the task
of distribution maintainers.
Anybody know the status of the much-talked about libpam? It is a
library that supports enduser-adjustable password policy, eg it gives
programs one interface to authentication and stuff and you can have
all sorts of authentication "dropped in", such as S/key, shadow, etc.
Perhaps we should go with that...
Mike.
--
Miquel van | Cistron Internet Services -- Alphen aan den Rijn.
Smoorenburg, | mailto:info@cistron.nl http://www.cistron.nl/
miquels@het.net | Tel: +31-172-419445 (Voice) 430979 (Fax) 442580 (Data)
Reply to: