[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: perl or libc6 bug?: getpwnam('root') in NIS environment

On Wed, Apr 14, 1999 at 09:10:35AM -0700, Ben Gertzfield wrote:
> >>>>> "Heiko" == Heiko Schlittermann <heiko@datom.de> writes:
>     Heiko>     #! /usr/bin/perl print (getpwnam('root'))[1], "\n";
>     Heiko> returns the root encrypted password from the NIS-Servers
>     Heiko> /etc/shadow ...!!
> Are you not running this as root? What exactly do you mean by
> "the NIS server's /etc/shadow"? I wasn't aware that there was a
> way of doing shadow over NIS.

on our solaris network, the workstations have shadow passwords but the NIS
map doesn't (i.e. ypmatch root passwd returns the hash), which seems a bit
pointless to me..

> Alternatively, do a 'ypmatch root passwd' and see if you get the
> hashed password.

<mainly to the original author:>

remember that getpwnam() refers through /etc/nsswitch.conf first. If you've
set "passwd: files nis", you can get a different result doing "print
((getpwnam('root'))[1])" as from "ypmatch root passwd", if you run perl from
a machine with shadow passwords without the perl process having shadow group
privilege. (I certainly don't think it's a problem in perl, I imagine it's
just returning results from getpwnam(3)...)

shadow passwords and NIS don't mix well. Design problem with NIS- there's no
way for the NIS server to know if a client is privileged to see the
encrypted password or not, so it's always got to be put in.


Steve Haslam, Validation Engineer, ARM Ltd, Cambridge UK     +44-1223-400677
steve.haslam@arm.com       steve@arise.demon.co.uk        araqnid@debian.org
www.arise.demon.co.uk     8410 63C6 5821 1A2E BB26  E98F 8F16 B533 AF99 D43A
A4 5D 30 2C EE CB 41 24  A7 9E DF E3 74 E8 2E 5B  @  http://wwwkeys.pgp.net/

Reply to: