[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Shadow passwords and GNU su

Since we are planning on putting shadow passwords into bo, I think that we
should start reoriganizing the distribution to support them now. That
means we should move the shadow packages into bo from experimental (they
need a .dsc-format source package generating, though), remove the
existing 'login' and 'passwd' packages, and start making new binary
packages which support shadow passwords. I have found the following
packages need 'shadowizing':-

	ssh (Hmmm... this is in Debian-non-US, and still needs to work
		with Debian 1.1/1.2)
	X (although xdm-shadow is included, it is not used by default)
	adduser (more difficult)

ssh, samba, and X all already support shadow passwords, and it is just a
case of recompiling the binaries. However, adduser is a debian-specific
package, and will need some large modifications to add support for proper
shadow passwords (we really shouldn't be using 'useradd', etc., from the
shadow package).

Secondly, what do we do with GNU su and shadow passwords? Since GNU su
supports shadow passwords, but is not as secure as the su which is part of
the shadow suite, it could become an undesirable security hole (someone
wants to do a 'su', but is not in group 'root', so they just run
'/sbin/gnu-su' instead).

If we are going to move to shadow ASAP, I will upload the next shellutils
without the GNU su binary.

Tom Lees <tom@lpsg.demon.co.uk>			http://www.lpsg.demon.co.uk/
PGP ID 87D4D065, fingerprint 2A 66 86 9D 02 4D A6 1E  B8 A2 17 9D 4F 9B 89 D6
finger tom@master.debian.org for full public key (also available on keyservers)

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: