Path: utzoo!attcan!uunet!husc6!mailrus!uflorida!haven!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn )
Newsgroups: comp.unix.wizards
Subject: Re: /etc/shadow
Message-ID: <8871@smoke.BRL.MIL>
Date: 12 Nov 88 06:27:07 GMT
References: <16722@agate.BERKELEY.EDU> <2178@cuuxb.ATT.COM> <16768@agate.BERKELEY.EDU> <17828@glacier.STANFORD.EDU> <2182@cuuxb.ATT.COM> <8861@smoke.BRL.MIL> <2189@cuuxb.ATT.COM>
Reply-To: gwyn@brl.arpa (Doug Gwyn (VLD/VMB) )
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 40

In article <2189@cuuxb.ATT.COM> dlm@cuuxb.UUCP (Dennis L. Mumaugh) writes:
>The documentation is scattered in the Release Notes for System V
>Release 3.2.

Thanks for posting the information. It is sites that DON'T HAVE SVR3.2
that are most in need of this information.

>If there is no entry in
>/etc/shadow we accept the /etc/passwd as gospel [in case someone
>forgot to run /usr/lib/pwconv after adding a user.]

That seems like a mistake. Far better to detect this omission when the
new user first tries to log in than to gradually accumulate security holes.

It also seems that the following are missing:

"pwvalid" utility (necessarily privileged) to SLOWLY check a
(user,password) pair for validity. Since it is insecure to
pass this information as command-line arguments, they should be
read from standard input (typically via a pipe connection).
Obviously the exit status would be 0 if and only if the pair
checks out ok. (The temptation to also log failures should be
resisted!) A two-second delay should be acceptably slow.

"int pwvalid(const char *user, const char *password)" C library
function that simply opens a pipe to the above utility and
returns true only when the arguments constitute a valid pair.

In the above, probably it would be safest to use the encrypted form of a
trial password instead of plaintext. It bothers me that some network
protocols send unencrypted passwords over the network.

All password-checking programs should use these interfaces to validate
passwords. ("passwd" can use them for part of its job, but it also has
to update the shadow file. So far as I know no other program needs to
write (encrypted) passwords in such a way that it couldn't use "passwd"
to do this for it.)
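
The library side of the interface proposed in the post, as an added example that is not part of the original message or of any System V release: the credentials reach the helper only through a pipe on its standard input, and only exit status 0 counts as valid. The helper path `/usr/lib/pwvalid`, the `pwvalid_with` wrapper and the newline-separated framing are assumptions; the post specifies only the prototype, the use of standard input and the meaning of the exit status.

```c
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical path: the post names the utility, not where it lives. */
static char *const PWVALID_ARGV[] = { "/usr/lib/pwvalid", NULL };

/* Write all of buf despite short writes; 0 on success, -1 on error. */
static int write_all(int fd, const char *buf, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n <= 0) return -1;
        buf += n; len -= (size_t)n;
    }
    return 0;
}

/* Run the helper, send "user\npassword\n" on its stdin (assumed framing),
 * return 1 only if it exits with status 0. Every error path returns 0. */
int pwvalid_with(char *const argv[], const char *user, const char *password) {
    int fds[2], status = 0, sent;
    pid_t pid;
    void (*old)(int);

    /* A newline inside either field would break the line framing. */
    if (!user || !password || strchr(user, '\n') || strchr(password, '\n')) return 0;
    if (pipe(fds) < 0) return 0;
    if ((pid = fork()) < 0) { close(fds[0]); close(fds[1]); return 0; }
    if (pid == 0) {                    /* child: read end becomes stdin */
        close(fds[1]);
        if (fds[0] != STDIN_FILENO && dup2(fds[0], STDIN_FILENO) < 0) _exit(127);
        execv(argv[0], argv);          /* credentials never appear in argv */
        _exit(127);                    /* exec failed: nonzero means invalid */
    }
    close(fds[0]);
    old = signal(SIGPIPE, SIG_IGN);    /* helper may exit before reading */
    sent = write_all(fds[1], user, strlen(user)) == 0 && write_all(fds[1], "\n", 1) == 0
        && write_all(fds[1], password, strlen(password)) == 0 && write_all(fds[1], "\n", 1) == 0;
    close(fds[1]);                     /* EOF tells the helper input is complete */
    signal(SIGPIPE, old);
    while (waitpid(pid, &status, 0) < 0) if (errno != EINTR) return 0;
    return sent && WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* The library function with the prototype given in the post. */
int pwvalid(const char *user, const char *password) { return pwvalid_with(PWVALID_ARGV, user, password); }
```

The deliberate delay and the privileged read of /etc/shadow belong in the helper, so unprivileged callers of `pwvalid()` never touch the shadow file themselves.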