How the heck can it work?
rcalex at home.com
Mon Jul 24 23:51:58 GMT 2000
I have found the VOS function that will get the encrypted password. There is
also a routine to encipher a clear text password so I can compare them.
It occurred to me that there had to be another way given that we have had
ftp and telnet on Stratus for many years now.
From: Steve Langasek [mailto:vorlon at netexpress.net]
Sent: July 24, 2000 6:36 PM
To: Ron Alexander
Subject: RE: How the heck can it work?
On Mon, 24 Jul 2000, Ron Alexander wrote:
> What I meant, is that the returning of the password (encrypted or not) is
> not allowed in a POSIX conforming application. The API call is 'struct
> passwd *getpwnam(const char *name);' Neither the pw_password nor pw_gecos
> fields of the passwd struct are available in POSIX.1.
> As far as I know, there is no other method to get the password.
> The 'toeing the line' comment was from a friend of mine who pointed out
> many non POSIX conforming systems were changing the getpwnam call to NOT
> return the password so they would be POSIX conforming. Now that I think
> about it though, it makes no sense unless there is another way to
> authenticate a user.
I would be very much surprised if Unices were dropping the pw_passwd field
of struct passwd solely for the purpose of POSIX-compliance. Indeed, I
most Unices still have the password field in the actual password file for
legacy support, even though many have moved to shadow passwords or other
secure authentication schemes.
If there's no standardized function under VOS for retrieving the encrypted
password, then what's the preferred method for authenticating users?
(Whatever it is, that's probably what needs to be dropped into swat)
More information about the samba-technical