
Re: strange result when typing wrong password



Niklas Söderlund <niklas.soderlund@chello.se> writes:

> btw, shouldn't shadow-passwords be default?

Shadow passwords break some things. A user should be able to run a
program that verifies that a given string matches the user's own
password. Examples of programs that need to do that are xlock and
personal non-root ssh servers.

With traditional shadow passwords, you can't do that: the programs
either have to be setuid root (or setgid shadow or some such), or the
user needs to maintain his own passwd file, which is inconvenient.

Last time I installed a Debian system, the installation program asked
me if I wanted shadow passwords or not.

On the Hurd, such programs could of course query the passwd server
instead, so we could use shadow passwords with no problems, but with
subtly different security properties than traditional Unix. Except for
POSIX compatibility (like the getspnam function, if that's really
defined by POSIX?), shadow could be considered an implementation detail
of the passwd server.

/Niels
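
The limitation described in the message above, as an added example that is not part of the original post: a C check of whether the calling process can obtain the hash it would need to verify a user's password. The names `classify_field` and `can_verify` are hypothetical, and the code assumes a libc that provides `getpwnam()` and `getspnam()`.

```c
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Where the hash for an account can be found (hypothetical names). */
enum hash_source { HASH_IN_PASSWD, HASH_IN_SHADOW, HASH_UNAVAILABLE };

/* Classify the password field of a passwd entry. */
enum hash_source classify_field(const char *field)
{
    if (field == NULL || field[0] == '\0')
        return HASH_UNAVAILABLE;   /* nothing to compare a password against */
    if (strcmp(field, "x") == 0)
        return HASH_IN_SHADOW;     /* marker: the hash lives in the shadow file */
    if (field[0] == '*' || field[0] == '!')
        return HASH_UNAVAILABLE;   /* not a valid crypt(3) result */
    return HASH_IN_PASSWD;         /* traditional world-readable hash */
}

/* 1: hash is readable by this process; 0: shadowed and not readable;
 * -1: unknown user or no usable hash. */
int can_verify(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    switch (classify_field(pw->pw_passwd)) {
    case HASH_IN_PASSWD:
        return 1;
    case HASH_IN_SHADOW:
        /* NULL when the caller may not read the shadow database
         * (or when no shadow entry exists for the user). */
        return getspnam(user) != NULL ? 1 : 0;
    default:
        return -1;
    }
}

int main(void)
{
    char name[256];
    struct passwd *me = getpwuid(getuid());
    if (me == NULL)
        return 2;
    snprintf(name, sizeof name, "%s", me->pw_name); /* copy out of static buffer */
    int r = can_verify(name);
    printf("%s: %s\n", name, r == 1 ? "hash readable, can verify own password"
           : r == 0 ? "hash shadowed, needs a setuid/setgid helper" : "no usable hash");
    return r == 1 ? 0 : 1;
}
```

Run as an ordinary user on a system with shadow passwords enabled, this reports the shadowed case; the same binary run as root or setgid shadow reports the hash as readable.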

