Bug#24008: marked as done (passwd.adjunct support has disappeared from libc since libc5)
Your message dated Thu, 13 May 1999 10:01:02 -0700
with message-id <email@example.com>
and subject line (no subject)
has caused the attached bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I'm
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
(administrator, Debian bugs database)
Received: (at submit) by bugs.debian.org; 28 Jun 1998 06:07:50 +0000
Received: (qmail 20623 invoked from network); 28 Jun 1998 06:07:49 -0000
Received: from extra.ucc.su.oz.au (22.214.171.124)
by debian.novare.net with SMTP; 28 Jun 1998 06:07:49 -0000
Received: from poota.frig.org.au (IDENT:firstname.lastname@example.org [126.96.36.199])
by extra.ucc.su.OZ.AU (8.9.0/8.9.0) with ESMTP id QAA14196
for <email@example.com>; Sun, 28 Jun 1998 16:07:44 +1000 (EST)
Received: from localhost (maffew@localhost [127.0.0.1])
by poota.frig.org.au (8.8.7/8.8.7) with SMTP id QAA03722
for <firstname.lastname@example.org>; Sun, 28 Jun 1998 16:05:12 +1000
Date: Sun, 28 Jun 1998 16:05:09 +1000 (EST)
From: Matthew Arnison <email@example.com>
Reply-To: Matthew Arnison <firstname.lastname@example.org>
Subject: passwd.adjunct support has disappeared from libc since libc5
Content-Type: TEXT/PLAIN; charset=US-ASCII
I've just upgraded from Debian 1.3.1 to Debian 2.0 beta.
Our NIS server uses a passwd.adjunct map for shadowed passwords.
So most users can't login to my debian system anymore, as passwd.adjunct
support seems to have vanished somewhere between libc5 and libc6.
I've done the right things with nsswitch.conf. ypcat works (although I had
to downgrade to the bo version of the nis package (the hamm version of nis
was giving "internet server error" when I did ypcat) - but this is an
unrelated problem I should probably put in a seperate bug report for).
But most tellingly, I looked at the source code for libc5 and libc6.
Shadow passwords work by having an "x" in the passwd field of the passwd
map. This tells authentication programs such as login and xdm to go
lookup the shadow passwords with getspwnam.
passwd.adjunct works by having ##username in the passwd field of the
passwd map. This tells getpwnam (or similar) to go lookup the
passwd.adjunct map (only works on privileged port if NIS) for the crypted
password. This is how libc5 did it anyhow, as I read the source code.
This seems to be how some Suns do shadow passwords (including our NIS
libc6 drops all mention of passwd.adjunct. I grepped through all the
files in the nss and nis folders and subfolders. I then looked through
the code in nss_compat, nss_nis to verify that it only ever checks the
"shadow" map/files, not the "passwd.adjunct" map/file.
I've been working on patching passwd.adjunct support back in, but:
a) I'm not sure how exactly to put it back in - it's basically an extra if
case, which could be applied to all nss modes, or made into a new one
b) when i downloaded the glibc-2.0.7r source from a debian mirror from a
I didn't get the linuxthreads and crypt addons, and glibc's configure
script is complaining. Not sure where to find these addons in the deb src
Matthew Arnison Email: email@example.com
Research Scientist Phone: +61 2 9351-6874
Physical Optics Dept. Fax: +61 2 9351-7727
School of Physics A28 Web: http://www.physics.usyd.edu.au/physopt/
University of Sydney NSW 2006