
Re: perl or libc6 bug?: getpwnam('root') in NIS environment



In article <ytt4smj6v44.fsf@gilgamesh.cse.ucsc.edu> you write:
>>>>>> "Heiko" == Heiko Schlittermann <heiko@datom.de> writes:
>
>    Heiko> Hi, I'm just trying to write a short prototype for an
>    Heiko> external authenticator for squid and discovered the
>    Heiko> following:
>
>    Heiko>     #! /usr/bin/perl
>    Heiko>     print((getpwnam('root'))[1], "\n");
>
>    Heiko> returns the root encrypted password from the NIS-Server's
>    Heiko> /etc/shadow ...!!

How do you have your /etc/shadow set up? In mine, I have at the bottom
+::::::

This tells it to use the NIS entries. If this for some reason
becomes misplaced (e.g. at the top) you could potentially have
problems.

>Are you not running this as root? What exactly do you mean by

That could also be significant; however, I always thought that
NIS was never checked until it found the entry prefixed with "+"
in the "real" file.

>"the NIS server's /etc/shadow"? I wasn't aware that there was a
>way of doing shadow over NIS.

Yes it is possible. There is no security benefit though. Or at least,
I have configured my NIS server only to provide shadow to connections
coming from secure ports, but this only works with login, which runs as
root. It doesn't work for programs like xlock, which isn't SUID root
anymore (it is SGID shadow).

>Alternatively, do a 'ypmatch root passwd' and see if you get the
>hashed password.

For shadow passwords you would use:

ypmatch root shadow.byname

(note: unless you have specially changed your config like I have,
this will work for any user, not just root).
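
Added example (not part of the original message): a Python check for the
placement point raised above. It reads a shadow-format file and lists local
accounts that appear after the bare "+" entry, assuming compat-style lookup
walks the file in order so that such names can be answered from NIS before
the local line is reached. The function name and both sample files are
constructed for illustration.

```python
# Constructed samples; password fields are replaced by "*".
SAMPLE_BOTTOM = """\
root:*:10950:0:99999:7:::
daemon:*:10950:0:99999:7:::
+::::::
"""

SAMPLE_TOP = """\
+::::::
root:*:10950:0:99999:7:::
-guest
daemon:*:10950:0:99999:7:::
"""


def audit_compat_order(text):
    """Locate the bare '+' entry and the local names listed after it."""
    wildcard_line = None   # line number of the first bare "+" entry
    compat_entries = []    # other +name / -name / +@netgroup style entries
    after_wildcard = []    # local accounts that follow the bare "+"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name = line.split(":", 1)[0]
        if name == "+":
            if wildcard_line is None:
                wildcard_line = lineno
        elif name.startswith(("+", "-")):
            compat_entries.append((name, lineno))
        elif wildcard_line is not None:
            # Assumption: lookups walk the file top to bottom, so NIS is
            # consulted at the "+" line before this local entry is seen.
            after_wildcard.append((name, lineno))
    return {"wildcard_line": wildcard_line,
            "compat_entries": compat_entries,
            "after_wildcard": after_wildcard}


if __name__ == "__main__":
    for label, sample in (("bottom", SAMPLE_BOTTOM), ("top", SAMPLE_TOP)):
        result = audit_compat_order(sample)
        print(label, "-> '+' at line", result["wildcard_line"],
              "| local entries after it:", result["after_wildcard"])
```
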

