
Re: radiusd-freeradius history and future



On Thu, 13 Nov 2003 03:59, Andreas Metzler wrote:
> > Also I believe that Lee's statement regarding NIS is incorrect,
> > unix_chkpwd only does /etc/shadow.
>
> testing.....
>
> You are wrong, unix_chkpwd does NIS (at least in the scenario I just
> tested). After changing unix_chkpwd from 4755 root:root to 2755
> root:shadow a NIS user can not unlock the terminal he has just locked
> himself with vlock anymore.

I've just read the code more carefully.  It seems that the only NIS-specific
code is the following:

if (strcmp(pwd->pw_passwd, "*NP*") == 0) {      /* NIS+ */
  uid_t save_uid;
  save_uid = geteuid();
  seteuid(pwd->pw_uid);
  spwdent = getspnam(name);
  seteuid(save_uid);
  salt = x_strdup(spwdent->sp_pwdp);
} else {
  salt = x_strdup(pwd->pw_passwd);
}

Now if the program is SGID shadow (same as vlock incidentally) then the UID of 
the process should already be the same as pwd->pw_uid and therefore it should 
all work.

Or do you have to be root for getpwnam() to work on NIS accounts?

Could you please do some more tests on this?
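
Added example (not part of the original message, and not code from the PAM source): the quoted branch does not check the return values of seteuid() or getspnam(), so a refused UID switch or a missing shadow entry is not reported. The sketch below keeps the same logic with each call checked; `try_switch`, `lookup_hash` and their return codes are hypothetical names chosen for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: switch euid to target and back; 0 or the errno. */
int try_switch(uid_t target)
{
    uid_t save_uid = geteuid();
    if (seteuid(target) != 0)
        return errno;        /* typically EPERM without root privilege */
    if (seteuid(save_uid) != 0)
        return errno;        /* could not switch back */
    return 0;
}

/* Hypothetical checked form of the quoted branch. Returns 0 on success,
 * -1 unknown user, -2 euid switch refused, -3 no readable shadow entry. */
int lookup_hash(const char *name, char *buf, size_t len)
{
    struct passwd *pwd = getpwnam(name);
    const char *hash;
    if (pwd == NULL || pwd->pw_passwd == NULL)
        return -1;
    hash = pwd->pw_passwd;
    if (strcmp(hash, "*NP*") == 0) {        /* NIS+ */
        uid_t save_uid = geteuid();
        struct spwd *spwdent;
        if (seteuid(pwd->pw_uid) != 0)
            return -2;       /* the quoted code continues regardless */
        spwdent = getspnam(name);
        if (seteuid(save_uid) != 0)
            return -2;
        if (spwdent == NULL || spwdent->sp_pwdp == NULL)
            return -3;       /* the quoted code dereferences this pointer */
        hash = spwdent->sp_pwdp;
    }
    snprintf(buf, len, "%s", hash);
    return 0;
}

int main(void)
{
    printf("own euid: %d, euid+1: %d\n",
           try_switch(geteuid()), try_switch(geteuid() + 1));
    return 0;
}
```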


