Since you seem to be hesitant about their role:

passwd: account information, which _used_ to also contain the encrypted
password and had to be world readable (John the Ripper, amongst others,
made that a bad idea)
shadow: came along later on as a root-readable-only to thwart John which
contains the following structure (essentially, account password and
time-constrained validity):

shadow manipulates the contents of the shadow password file,
/etc/shadow. The structure in the #include file is:

struct spwd {
    char *sp_namp;             /* user login name */
    char *sp_pwdp;             /* encrypted password */
    long int sp_lstchg;        /* last password change */
    long int sp_min;           /* days until change allowed. */
    long int sp_max;           /* days before change required */
    long int sp_warn;          /* days warning for expiration */
    long int sp_inact;         /* days before account inactive */
    long int sp_expire;        /* date when account expires */
    unsigned long int sp_flag; /* reserved for future use */
};

But I feel somewhat stupid stating this since I am sure you already know
all of this much more than I do...

Eric

mellos@×××××××.com wrote:
> Hello people,
>
> I'll take the first step and try to write something as close to a
> progress report as I can. Things have been moving quite slowly, soc-wise,
> over here since it's the middle of my semester exams and on top of that,
> we've had quite a lot of earthquake activity for the past few days which made
> things even worse (I had to move for a few days to my parents' house).
>
> However, since it's a progress report, I'll focus more on what I've
> managed to get done than what I haven't. The first module which I
> started working on was pam_unix, which is probably the most important as
> well as the most "troublesome" since it takes care of all user
> authentication and account management. All started well and the
> authentication routine seemed to develop in a fast and smooth manner.
> Soon I had it complete and did some very basic testing. All was nice...
>
> After that, it was time to go on account management. At first, things seemed
> quite simple since all that had to be done was to ensure that the
> authenticating user was using a valid tty/host/uname/pass and that the
> account was not expired. When I got down to do it, I realised that it's
> not as simple as I've been thinking. Since the goal of the project is to
> write modules which will be compatible with BSD as well as LINUX, I had
> to understand how exactly BSD login classes work, how to include them in
> the module for BSD compatibility and furthermore, whether to use the
> information for each user from /etc/shadow or /etc/passwd on Linux.
>
> I've done some work and I think that I got the BSD part complete but I
> still have to check whether both shadow and passwd can provide the
> correct info that is needed for account validation and go on with the
> account management function of unix pam.
>
> I believe that by the end of this week, I'll have finished pam_unix and
> then I'll decide whether it's better to check that it's working under all
> circumstances or leave debugging for later and go on with writing the
> rest of the pam modules.
>
> That's pretty much all I had to say. I'd like to hear how the rest of the
> gentoo gsoc-ers are doing with their projects as well.
>
> Regards,
> Seraphim

--
gentoo-soc@l.g.o mailing list
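
The expiry check this thread is discussing, as an added example that is not part of either message or of the pam_unix code: a C sketch that classifies a `struct spwd` entry from the aging fields listed above. `shadow_acct_state`, `sample_entry` and the `acct_state` enum are hypothetical names, the field semantics are assumed from shadow(5), and the entry is constructed rather than read from /etc/shadow.

```c
/* Added example: account validity from the shadow(5) aging fields.
 * All day counts are days since 1970-01-01; -1 means "field unset". */
#include <shadow.h>
#include <stdio.h>
#include <time.h>

enum acct_state { ACCT_OK, ACCT_WARN, ACCT_MUST_CHANGE,
                  ACCT_PW_EXPIRED, ACCT_EXPIRED };

/* Hypothetical helper: evaluate one entry against the day number `today`. */
enum acct_state shadow_acct_state(const struct spwd *sp, long today)
{
    /* Account expiry is independent of password age. 0 is ambiguous in
     * shadow(5); this sketch treats it as unset (assumption). */
    if (sp->sp_expire > 0 && today >= sp->sp_expire)
        return ACCT_EXPIRED;
    if (sp->sp_lstchg == 0)                  /* change forced at next login */
        return ACCT_MUST_CHANGE;
    if (sp->sp_lstchg < 0 || sp->sp_max < 0) /* password aging disabled */
        return ACCT_OK;

    long age = today - sp->sp_lstchg;
    if (age > sp->sp_max) {
        /* Past sp_max the password must be changed; once the sp_inact
         * grace period is also over, the login is refused outright. */
        if (sp->sp_inact >= 0 && age > sp->sp_max + sp->sp_inact)
            return ACCT_PW_EXPIRED;
        return ACCT_MUST_CHANGE;
    }
    if (sp->sp_warn > 0 && age > sp->sp_max - sp->sp_warn)
        return ACCT_WARN;
    return ACCT_OK;
}

/* Constructed sample entry; a real module would obtain it from getspnam(). */
struct spwd sample_entry(long lstchg, long max, long warn, long inact, long expire)
{
    struct spwd sp = { .sp_namp = "demo", .sp_pwdp = "x", .sp_lstchg = lstchg,
                       .sp_min = 0, .sp_max = max, .sp_warn = warn,
                       .sp_inact = inact, .sp_expire = expire, .sp_flag = 0 };
    return sp;
}

int main(void)
{
    long today = (long)(time(NULL) / 86400);
    struct spwd sp = sample_entry(today - 85, 90, 7, 14, -1);
    printf("state=%d\n", shadow_acct_state(&sp, today));
    return 0;
}
```

None of these fields exist in /etc/passwd, so on Linux the aging part of account validation can only be answered from the shadow entry.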