[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re^2: Another shadow question

Hello everybody,

Guy> > On Tue, 7 May 1996, David Frey wrote:
Guy> > 
Guy> > >    There are far too many conflicting binaries which are replaced by
Guy> > >    shadow (passwd, login was in miscutils (where is it now?), 
Guy> > >            su is in shellutils, chfn, newgrp (in shellutils), ...)
Guy> > 
Guy> > Ugh. It'd look like it'd be kinda messy. Wouldn't it be better to simply
Guy> > change all packages to be shadow-aware (i.e. they use shadow if it's
Guy> > there)?
Guy> >From my understanding of shadow passwords, it is possible to make
Guy> programs work both with and without shadowing.  I'm the maintainer of
Guy> all the programs mentioned except su.  Perhaps, David, you could put
Guy> the source somewhere so I and the other affected developers could look
Guy> at it?

I fear, that I was unclear. I wasn't speaking of general 'shadow support',
I thought at the 'shadow' package from John. F. Haugh II under the BSD 
This package provides a new shadow-aware login, su, passwd, et.al plus
some programs to convert to shadow-passwds.

The current upstream-maintainer of the shadow package is 
Marek Michalkiewicz, below the LSM (there may be newer versions around):

  Title:	  Shadow Password Suite
  Version:	  3.3.3-951218
  Entered-date:	  18DEC95
  Keywords:	  login passwd security shadow
  Author: 	  jfh@rpp386.cactus.org (John F. Haugh II)
  Maintained-by:  marekm@i17linuxb.ists.pwr.wroc.pl (Marek Michalkiewicz)
  Primary-site:	  sunsite.unc.edu /pub/Linux/system/Admin
		  220K shadow-951218.tar.gz
  Alternate-site: ftp.ists.pwr.wroc.pl /pub/linux/shadow
  Original-site:  ftp.uu.net ?
  Copying-policy:  BSD-like

Guy> Is it possible for a system to be switched to or from shadow support,
Guy> or must the decision be made on installation?  

You simply have to replace the shadow package against it non-shadow
counterparts: login, su, passwd etc.

Guy>                                               Does your package
Guy> include scripts that rewrite passwd into passwd and shadow and
Guy> vice-versa?  

No. It was a private hack for me, so there aren't any sophisticated
install scripts etc.

(It's not difficult, by the way).

Guy>             I'm imagining a program, shadowconfig, that could be run
Guy> to turn on or off shadow password support.  The other programs would
Guy> adjust based on whether the password was in the passwd struct.  Is this
Guy> practical?

I don't think it's practical (but not impossible).

Guy> I don't think it's wise to start a discussion on the merits of password
Guy> shadowing, as I'm afraid that it would rapidly deteriorate.  Optional

You're right. I didn't my no means wanted to start a flame-war or something

Guy> shadow password support, however, would be a big feather in our cap.

Yes, that's exactly my opinion, too.

David Frey <david@eos.lugs.ch>|Microsoft isn't the answer...it's the QUESTION.
Schlieren, Switzerland        |``No'' is the answer.
PGP-Key available on request  |Use Debian GNU/Linux!

Reply to: