Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!zaphod.mps.ohio-state.edu!qt.cs.utexas.edu!yale.edu!cs.yale.edu!fractal.math.yale.edu!fn From: fn@fractal.math.yale.edu (Francois Normant) Newsgroups: comp.unix.aix Subject: Re: Password Verification Message-ID: <1991Jun28.211516.15943@cs.yale.edu> Date: 28 Jun 91 21:15:16 GMT References: <16390@smoke.brl.mil> <503@fnnews.fnal.gov> Sender: news@cs.yale.edu (Usenet News) Organization: Yale University - Mathematics Department Lines: 58 Nntp-Posting-Host: fractal.math.yale.edu In article <503@fnnews.fnal.gov> shah@cdsun.fnal.gov (Hemant Shah) writes: > >In article <16390@smoke.brl.mil>, somsky@brl.mil (William R. Somsky) writes: >|> I'd like to put 'xlock' onto our systems, but I'm having difficulty >|> with the unlock user verification part. What xlock normally does is ask >|> for the user's password and compares this (via the appropriate encryption >|> routines) with the entry found in /etc/passwd. With the passwords stored >|> in /etc/security/passwd, however, this fails. Has anyone worked this out? >|> Should I make xlock be suid root? What would be needed to read the >|> /etc/security/passwd file? For getting the info out of /etc/passwd, >|> there is some library routin (I forget the name just now) which reads >|> the /etc/passwd file and extracts the relevant information. Is there >|> an appropriate function for the /etc/security/passwd file? Does anyone >|> have any suggestions? (And yes, I've already dealt with Ctl-Alt-Backspace.) >|> >|> ---------------------------------------------------------------------- >|> I speak for no-one other than myself --- sometimes, not even that... >|> ---------------------------------------------------------------------- >|> William R. Somsky somsky@brl.mil > > >When we proted xlock to our RS600 we had same problem. Our solution was to >change the permission on the files, the /etc/security directory should look >like : > > drwxr-xr-x 4 root security 512 May 01 18:03 security > >and the file permission in /etc/security should look like : > > -rw-r--r-- 1 root security 2853 Jun 26 09:32 passwd > > >------------------------------------------------------------------------------- >Hemant Shah >Fermilab >ACCESS/System Integration > > >E-mail :shah@fnal.fnal.gov > Voice : (708) 840-8071 > Fax : (708) 840-2783 >------------------------------------------------------------------------------- It would be much better to use the patch that was posted a few weeks ago or even set xlock user-id to root (chmod 4555 xlock). But please leave the permissions as they originally are on /etc/security (drwxr-x---) and /etc/security/passwd (-rw-------). If anybody can take a peak at /etc/security, explain me the utility of that directory ? -- Francois Normant - fn@math.yale.edu Yale University - Mathematics Department Box 2155 - Yale Station New Haven CT 06520