Xref: utzoo comp.unix.i386:1322 comp.unix.questions:17861
Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uunet!munnari.oz.au!mimir!hugin!augean!sirius.ua.oz.au!nt!levels!ccdn
From: CCDN@levels.sait.edu.au (david newall)
Newsgroups: comp.unix.i386,comp.unix.questions
Subject: Re: Using "getpwent" in SYSV/386
Message-ID: <2941@levels.sait.edu.au>
Date: 20 Nov 89 18:07:35 GMT
References: <785@ctdi.UUCP> <11633@smoke.BRL.MIL>
Followup-To: comp.unix.i386
Organization: Sth Australian Inst of Technology
Lines: 29

In article <11633@smoke.BRL.MIL>, gwyn@smoke.BRL.MIL (Doug Gwyn) writes:
> In article <785@ctdi.UUCP> mikei@ctdi.UUCP (Mike Israel) writes:
> -This particular version of Unix stores encrypted passwords
> -in a file called /etc/shadow.  Is there an existing function
> -to access the encrypted password?
>
> NO, that's the whole point of having /etc/shadow.

I'm most surprised to hear Doug claiming that the purpose of /etc/shadow
is so that "encrypted" passwords can't be easily accessed.  I'm sure that
no such thing is the case.

The purpose of the shadow password file is so that unprivileged processes
cannot access the "encrypted" password.  That's a security consideration.
(I personally feel that even unprivileged processes can have some need to
authenticate arbitrary users; and that having them type their password is
a reasonable authentication scheme.  But that's another issue.)

The purpose of /etc/shadow is NOT to make it inconvenient to access this
data, assuming you have permission to access it.  I would have thought it
reasonable for getpwent to fill in the pw_passwd field if it was invoked
by root.  Alternatively, I would have thought "getshadowent" routines would
have been provided (for the exclusive use of root processes).

David Newall                     Phone:  +61 8 343 3160
Unix Systems Programmer          Fax:    +61 8 349 6939
Academic Computing Service       E-mail: ccdn@levels.sait.oz.au
SA Institute of Technology       Post:   The Levels, South Australia, 5095