mikei@ctdi.UUCP (Mike Israel) (11/17/89)
I have a question regarding the use of the "C" function
"getpwent" under AT&T's Unix SYSV/386 Release 3.2.
This particular version of Unix stores encrypted passwords
in a file called /etc/shadow. The standard /etc/password field
for the encrypted password simply contains an 'x'. Using
"getpwent" simply retrieves this 'x'.
Is there an existing function to access the encrypted password?
--
Michael A. Israel || uucp: mikei@ctdi.UUCP
|| ...!uunet!cbmvax!ctdi1!ctdi
Communications Test Design Inc. ||
West Chester, PA || I think therefore I am confused.
gwyn@smoke.BRL.MIL (Doug Gwyn) (11/18/89)
In article <785@ctdi.UUCP> mikei@ctdi.UUCP (Mike Israel) writes:
-This particular version of Unix stores encrypted passwords
-in a file called /etc/shadow. The standard /etc/password field
-for the encrypted password simply contains an 'x'. Using
-"getpwent" simply retrieves this 'x'.
-Is there an existing function to access the encrypted password?
NO, that's the whole point of having /etc/shadow.
cpcahil@virtech.uucp (Conor P. Cahill) (11/20/89)
In article <785@ctdi.UUCP>, mikei@ctdi.UUCP (Mike Israel) writes:
> I have a question regarding the use of the "C" function
> "getpwent" under AT&T's Unix SYSV/386 Release 3.2.
>
> This particular version of Unix stores encrypted passwords
> in a file called /etc/shadow. The standard /etc/password field
> for the encrypted password simply contains an 'x'. Using
> "getpwent" simply retrieves this 'x'.
>
> Is there an existing function to access the encrypted password?

The set of functions used to access the shadow file are named similarly to
the getpwent family of functions but use an "sp" instead of the "pw". So
you have a getspent(), etc.

/usr/include/shadow.h has the structures used by these functions.

I can't find any reference to these functions in the 386/ix, AT&T, or
Bell Tech documentation sets. Since they seem to be designed to replace
the getpwent functions I would assume that the functionality is the same.
--
+-----------------------------------------------------------------------+
| Conor P. Cahill uunet!virtech!cpcahil 703-430-9247 !
| Virtual Technologies Inc., P. O. Box 876, Sterling, VA 22170 |
+-----------------------------------------------------------------------+
CCDN@levels.sait.edu.au (david newall) (11/21/89)
In article <11633@smoke.BRL.MIL>, gwyn@smoke.BRL.MIL (Doug Gwyn) writes:
> In article <785@ctdi.UUCP> mikei@ctdi.UUCP (Mike Israel) writes:
> -This particular version of Unix stores encrypted passwords
> -in a file called /etc/shadow. Is there an existing function
> -to access the encrypted password?
>
> NO, that's the whole point of having /etc/shadow.

I'm most surprised to hear Doug claiming that the purpose of /etc/shadow
is so that "encrypted" passwords can't be easily accessed. I'm sure that
no such thing is the case.

The purpose of the shadow password file is so that unprivileged processes
cannot access the "encrypted" password. That's a security consideration.
(I personally feel that even unprivileged processes can have some need to
authenticate arbitrary users; and that having them type their password is
a reasonable authentication scheme. But that's another issue.)

The purpose of /etc/shadow is NOT to make it inconvenient to access this
data, assuming you have permission to access it. I would have thought it
reasonable for getpwent to fill in the pw_passwd field if it was invoked
by root. Alternatively, I would have thought "getshadowent" routines would
have been provided (for the exclusive use of root processes).

David Newall                     Phone: +61 8 343 3160
Unix Systems Programmer          Fax: +61 8 349 6939
Academic Computing Service       E-mail: ccdn@levels.sait.oz.au
SA Institute of Technology       Post: The Levels, South Australia, 5095
lbert359@pallas.UUCP (Lee Bertagnolli) (11/22/89)
Manual pages for /etc/shadow-related functions (e.g., getspent()) may be
found in AT&T's Integrated Software Development Guide (ISDG), document
id # 999-300-523. This manual has a load of info on tuning, porting, and
device driver development. AT&T says the target audience for this manual
is VAR's, ISV's, and IHV's, so I don't know if it is generally available.

Regards,
Lee Bertagnolli
lbert359@athenanet.com
sp@labtam.oz (Stephen Prince) (11/23/89)
In article <2941@levels.sait.edu.au> CCDN@levels.sait.edu.au (david newall) writes:
>In article <11633@smoke.BRL.MIL>, gwyn@smoke.BRL.MIL (Doug Gwyn) writes:
>> In article <785@ctdi.UUCP> mikei@ctdi.UUCP (Mike Israel) writes:
>> -Is there an existing function
>> -to access the encrypted password?
>>
>> NO, that's the whole point of having /etc/shadow.
> Alternatively, I would have thought "getshadowent" routines would
>have been provided (for the exclusive use of root processes).

There is, or at least should be if your system is a complete V.3.2. The
relevant routines can be found in /usr/lib/libsec.a and only work if your
uid == 0. I don't have a manual handy, but the functions are something
like:

    #include <shadow.h>

    void setspent();
    void endspent();
    struct spwd * getspent();
    struct spwd * fgetspent(FILE *f);
    struct spwd * getspname(char *name);
    int putspent(struct spwd *p, FILE *f);

/sp
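Added example, not part of the original thread and not code from any poster: a sketch of how the 'x' placeholder in the passwd field is resolved through the shadow routines discussed above, using fgetspent() on a constructed shadow-format sample and then the by-name lookup on the live system. It assumes a glibc-style <shadow.h>, where that lookup is spelled getspnam(); the helper names, sample user entries, and hash strings are made up for illustration.

```c
#define _DEFAULT_SOURCE            /* expose fgetspent()/getspnam() in glibc */
#include <shadow.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample in /etc/shadow layout; the hash fields are made up. */
static const char SAMPLE_SHADOW[] =
    "root:rtCONSTRUCTED01:7260:0:99999:7:::\n"
    "mikei:abCONSTRUCTED02:7260:0:99999:7:::\n";

/* Write the sample to an anonymous temp file so fgetspent() can read it. */
FILE *open_sample_shadow(void)
{
    FILE *f = tmpfile();
    if (f != NULL) fputs(SAMPLE_SHADOW, f);
    return f;
}

/* Scan a shadow-format stream for `name` and return its hash field, or NULL
 * if there is no entry. The result is static storage, valid until next call. */
const char *shadow_hash(FILE *f, const char *name)
{
    struct spwd *sp;
    rewind(f);                                   /* also flushes pending writes */
    while ((sp = fgetspent(f)) != NULL)
        if (strcmp(sp->sp_namp, name) == 0)
            return sp->sp_pwdp;
    return NULL;
}

/* A passwd field of "x" is only a placeholder, so the real hash comes from
 * the shadow stream; any other value is a pre-shadow hash and is used as-is. */
const char *effective_hash(const char *pw_passwd, FILE *shadow, const char *name)
{
    return strcmp(pw_passwd, "x") == 0 ? shadow_hash(shadow, name) : pw_passwd;
}

int main(void)
{
    FILE *f = open_sample_shadow();
    const char *h = f ? effective_hash("x", f, "mikei") : NULL;
    printf("sample: mikei -> %s\n", h ? h : "(none)");
    /* Live lookup: NULL unless this process may read the shadow database. */
    printf("live: euid=%d, root entry %s\n", (int)geteuid(),
           getspnam("root") ? "readable" : "not readable");
    return 0;
}
```

Run as an ordinary user, the live lookup normally reports the entry as not readable, which is the access restriction the thread is arguing about.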