| 1 |
Since you seem to be hesitant about their role: |
| 2 |
|
| 3 |
passwd: account information, which _used_ to also contain the encrypted |
| 4 |
password and had to be world readable (john the ripper,amongst others, |
| 5 |
made that a bad idea) |
| 6 |
shadow: came along later on as a root-readable-only to thwart john which |
| 7 |
contains the following structure (essentially, account password and |
| 8 |
time-constrained validity): |
| 9 |
|
| 10 |
shadow manipulates the contents of the shadow password file, |
| 11 |
/etc/shadow. The structure in the #include file is: |
| 12 |
|
| 13 |
struct spwd { |
| 14 |
char *sp_namp; /* user login name */ |
| 15 |
char *sp_pwdp; /* encrypted password */ |
| 16 |
long int sp_lstchg; /* last password change */ |
| 17 |
long int sp_min; /* days until change allowed. */ |
| 18 |
long int sp_max; /* days before change required */ |
| 19 |
long int sp_warn; /* days warning for expiration */ |
| 20 |
long int sp_inact; /* days before account inactive */ |
| 21 |
long int sp_expire; /* date when account expires */ |
| 22 |
unsigned long int sp_flag; /* reserved for future use */ |
| 23 |
} |
| 24 |
|
| 25 |
But I feel somewhat stupid stating this since I am sure you already know |
| 26 |
all of this much more than I do... |
| 27 |
|
| 28 |
Eric |
| 29 |
|
| 30 |
mellos@×××××××.com wrote: |
| 31 |
> Hello people, |
| 32 |
> |
| 33 |
> I'll take the first step and try to write something as close to a |
| 34 |
> progress report as I can. Things have been moving quite slowly, soc-wise, |
| 35 |
> over here since it's the middle of my semester exams and on top of that, |
| 36 |
> we've had quite a lot of earthquake activity for the past few days which made |
| 37 |
> things even worse ( I had to move for a few days to my parent's house ). |
| 38 |
> |
| 39 |
> However, since it's a progress report, I'll focus more on what I've |
| 40 |
> managed to get done than what I haven't. The first module which I |
| 41 |
> started working on was pam_unix, which is probably the most important as |
| 42 |
> well as the most "troublesome" since it takes care of all user |
| 43 |
> authentication and account management. All started well and the |
| 44 |
> authentication routine seemed to develop in a fast and smooth manner. |
| 45 |
> Soon I had it complete and did some very basic testing. All was nice... |
| 46 |
> |
| 47 |
> After that, it was time to go on account management. At first, things seemed |
| 48 |
> quite simple since all that had to be done was to ensure that the |
| 49 |
> authenticating user was using a valid tty/host/uname/pass and that the |
| 50 |
> account was not expired. When I got down to do it, I realised that it's |
| 51 |
> not as simple as I've been thinking. Since the goal of the project is to |
| 52 |
> write modules which will be compatible with BSD as well as LINUX, I had |
| 53 |
> to understand how exactly BSD login classes work, how to include them in |
| 54 |
> the module for BSD compatibility and furthermore, whether to use the |
| 55 |
> information for each user from /etc/shadow or /etc/passwd on Linux. |
| 56 |
> |
| 57 |
> I've done some work and I think that I got the BSD part complete but I |
| 58 |
> still have to check whether both shadow and passwd can provide the |
| 59 |
> correct info that is needed for account validation and go on with the |
| 60 |
> account management function of unix pam. |
| 61 |
> |
| 62 |
> I believe that by the end of this week, I'll have finished pam_unix and |
| 63 |
> then I'll decide whether it's better to check that it's working under all |
| 64 |
> circumstances or leave debuging for later and go on with writing the |
| 65 |
> rest of the pam modules. |
| 66 |
> |
| 67 |
> That's pretty much all I had to say. I'd like to hear how the rest of the |
| 68 |
> gentoo gsoc-ers are doing with their projects as well. |
| 69 |
> |
| 70 |
> Regards, |
| 71 |
> Seraphim |
| 72 |
> |
| 73 |
> |
| 74 |
> |
| 75 |
> |
| 76 |
|
| 77 |
-- |
| 78 |
gentoo-soc@l.g.o mailing list |
Archives