Re^2: Another shadow question
Guy> > On Tue, 7 May 1996, David Frey wrote:
Guy> > > There are far too many conflicting binaries which are replaced by
Guy> > > shadow (passwd, login was in miscutils (where is it now?),
Guy> > > su is in shellutils, chfn, newgrp (in shellutils), ...)
Guy> > Ugh. It'd look like it'd be kinda messy. Wouldn't it be better to simply
Guy> > change all packages to be shadow-aware (i.e. they use shadow if it's
Guy> > there)?
Guy> >From my understanding of shadow passwords, it is possible to make
Guy> programs work both with and without shadowing. I'm the maintainer of
Guy> all the programs mentioned except su. Perhaps, David, you could put
Guy> the source somewhere so I and the other affected developers could look
Guy> at it?
I fear, that I was unclear. I wasn't speaking of general 'shadow support',
I thought at the 'shadow' package from John. F. Haugh II under the BSD
This package provides a new shadow-aware login, su, passwd, et.al plus
some programs to convert to shadow-passwds.
The current upstream-maintainer of the shadow package is
Marek Michalkiewicz, below the LSM (there may be newer versions around):
Title: Shadow Password Suite
Keywords: login passwd security shadow
Author: email@example.com (John F. Haugh II)
Maintained-by: firstname.lastname@example.org (Marek Michalkiewicz)
Primary-site: sunsite.unc.edu /pub/Linux/system/Admin
Alternate-site: ftp.ists.pwr.wroc.pl /pub/linux/shadow
Original-site: ftp.uu.net ?
Guy> Is it possible for a system to be switched to or from shadow support,
Guy> or must the decision be made on installation?
You simply have to replace the shadow package against it non-shadow
counterparts: login, su, passwd etc.
Guy> Does your package
Guy> include scripts that rewrite passwd into passwd and shadow and
No. It was a private hack for me, so there aren't any sophisticated
install scripts etc.
(It's not difficult, by the way).
Guy> I'm imagining a program, shadowconfig, that could be run
Guy> to turn on or off shadow password support. The other programs would
Guy> adjust based on whether the password was in the passwd struct. Is this
I don't think it's practical (but not impossible).
Guy> I don't think it's wise to start a discussion on the merits of password
Guy> shadowing, as I'm afraid that it would rapidly deteriorate. Optional
You're right. I didn't my no means wanted to start a flame-war or something
Guy> shadow password support, however, would be a big feather in our cap.
Yes, that's exactly my opinion, too.
David Frey <email@example.com>|Microsoft isn't the answer...it's the QUESTION.
Schlieren, Switzerland |``No'' is the answer.
PGP-Key available on request |Use Debian GNU/Linux!