Re: Shadow question

[Miquel van Smoorenburg <miquels@cistron.nl>]

You (Bruce Perens) wrote:
> We can switch to using shadow passwd enabled executables right after the 1.1
> release .
>  
> I don't understand why this isn't simply a change to getpwent() in libc. Why
> is it necessary to change the function name?

Ah, that's called automatic shadow compatibility. You can build libc with
it if you want. It is a bad idea, because for every getpw*() you'll have
to do a matching getsp*(). That slows programs down enormously, and 99%
of the time they don't need the extra information anyway.

Shadow should have been designed so that the /etc/shadow file was a
superset of /etc/passwd. That way you'd use the shadow file when
priviliged and /etc/passwd when not, like FreeBSD with its /etc/passwd
and /etc/master.passwd.

We could do better than shadow, but otoh that maybe isn't the task
of distribution maintainers.

Anybody know the status of the much-talked about libpam? It is a
library that supports enduser-adjustable password policy, eg it gives
programs one interface to authentication and stuff and you can have
all sorts of authentication "dropped in", such as S/key, shadow, etc.
Perhaps we should go with that...

Mike.
-- 
  Miquel van    | Cistron Internet Services   --    Alphen aan den Rijn.
  Smoorenburg,  | mailto:info@cistron.nl          http://www.cistron.nl/
miquels@het.net | Tel: +31-172-419445 (Voice) 430979 (Fax) 442580 (Data)