[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

tcsh and shadow passwords

[Please CC me any responses as I am currently not subscribed to debian-devel
as my link's bandwidth is rather limited]

there was a recent bug report (Bug #40584) about tcsh and the autolock and
autologout features. I have found that the problem is that auto_lock in
tc.func.c is actually calling getspnam and failing to read the password:

    if ((pw = getpwuid(euid)) != NULL &&        /* effective user passwd  */
        (spw = getspnam(pw->pw_name)) != NULL)  /* shadowed passwd        */
        srpp = spw->sp_pwdp;                                                    

Now, this means that auto_lock immediately turns into auto_logout. I am
puzzled as to what I should do. I don't have much experience with shadow so
the question is, is it possible to have tcsh read the shadow file without
it being a security risk?

Luis Francisco Gonzalez <luisgh@debian.org>
PGP Fingerprint = F8 B1 13 DE 22 22 94 A1  14 BE 95 8E 49 39 78 76

Reply to: