How the heck can it work?

Steve Langasek vorlon at
Mon Jul 24 22:35:41 GMT 2000

On Mon, 24 Jul 2000, Ron Alexander wrote:

> What I meant, is that the returning of the password (encrypted or not) is
> not allowed in a POSIX conforming application. The API call is 'struct
> passwd *getpwnam(const char *name);' Neither the pw_password nor pw_gecos
> fields of the  passwd struct are available in POSIX.1.

> As far as I know, there is no other method to get the password.

> The 'toeing the line' comment was from a friend of mine who pointed out that
> many non POSIX conforming systems were changing the getpwnam call to NOT
> return the password so they would be POSIX conforming. Now that I think
> about it though, it makes no sense unless there is another way to
> authenticate a user.

I would be very much surprised if Unices were dropping the pw_passwd field out
of struct passwd solely for the purpose of POSIX-compliance.  Indeed, I think
most Unices still have the password field in the actual password file for
legacy support, even though many have moved to shadow passwords or other
secure authentication schemes.

If there's no standardized function under VOS for retrieving the encrypted
password, then what's the preferred method for authenticating users?
(Whatever it is, that's probably what needs to be dropped into swat)

Steve Langasek
postmodern programmer

More information about the samba-technical mailing list