Re: Shadow problems

To: meskes@Informatik.RWTH-Aachen.DE (Michael Meskes)
Cc: debian-devel@lists.debian.org
Subject: Re: Shadow problems
From: Miquel van Smoorenburg <miquels@cistron.nl>
Date: Sat, 17 Aug 1996 14:07:14 +0200 (MET DST)
Message-id: <[🔎] 199608171207.OAA08508@picard.cistron.nl>
In-reply-to: <[🔎] 199608171127.NAA01322@circe.informatik.rwth-aachen.de> from "Michael Meskes" at Aug 17, 96 01:27:55 pm

You (Michael Meskes) wrote:
> I'm currently trying to finish the work on the shadow package. However,
> there are some decision to make:
> 
> 1) Should we change the login package to be shadow aware? Or should shadow
> come with its own login (that works with and without shadow password files)?
> Or should we use the shadow login as standard?

Well the login we're using now is from util-linux, and unless you can get
the shadow patches into the upstream source (which wouldn't be a bad idea)
it would be easier to use the login from the shadow package I think.
You can use the Replaces: header for that. The same goes for newgrp.
In fact I think you can drop newgrp since it isn't needed under Linux, we
have BSD groups support.
> 
> 3) We definitely have to use the shadow passwd source to be able to handle
> the shadowed passwd file, while the old one is needed for the standard
> passwd file. But the passwd package also contains a conffile (/etc/shells)
> and two more binaries that are not affected by shadow (vipw/vigr). Should I
> add these to the shadow package, too?

vipw and vigr should be rewritten so that they can edit the passwd+shadow.
I've got a vipw that merges passwd+shadow, lets you edit the merge, and
then splits it again. It also adheres to the shadow password locking
convention. If you want it drop me a line.

Also, you'll have to replace adduser ofcourse. This will be easy; shadow
comes with a command line utility "useradd" that just needs a simple
perl wrapper around it that emulates adduser functionality.

Bruce (I think it was Bruce) mentioned that we want shadow passwords as
a standard feature for 1.2; so I think just making sure all conflicting
packages get upgraded to work with shadow and letting shadow conflict
with the older packages would do the job.

Which reminds me: RedHat is going to integrate PAM into their next release.
Perhaps now is a good time to look if we should consider using that too,
or if we think that shadow is good enough for now.

Mike.
-- 
  Miquel van    | Cistron Internet Services   --    Alphen aan den Rijn.
  Smoorenburg,  | mailto:info@cistron.nl          http://www.cistron.nl/
miquels@het.net | Tel: +31-172-419445 (Voice) 430979 (Fax) 442580 (Data)

Reply to:

Follow-Ups:
- Re: Shadow problems
  - From: Michael Alan Dorman <mdorman@lot49.med.miami.edu>
- Re: Shadow problems
  - From: Rob Browning <osiris@cs.utexas.edu>
- Re: Shadow problems
  - From: Michael Meskes <meskes@Informatik.RWTH-Aachen.DE>

References:
- Shadow problems
  - From: Michael Meskes <meskes@Informatik.RWTH-Aachen.DE>

Prev by Date: Shadow problems
Next by Date: Does kernel-package assume /etc/psdatabase -> /boot/psdatabase?
Previous by thread: Shadow problems
Next by thread: Re: Shadow problems
Index(es):
- Date
- Thread