Date: Wed, 26 Nov 2003 22:53:00 -0800 From: Terry Lambert <tlambert2@mindspring.com> To: Peter Pentchev <roam@ringlet.net> Cc: Kai Mosebach <kai@freshx.de> Subject: Re: getpwnam with md5 encrypted passwds Message-ID: <3FC59F4C.AE917AB8@mindspring.com> References: <3FC49DA6.54459AD6@mindspring.com> <20031126132058.A663915E12E@dust.freshx.de> <20031126140530.GB307@straylight.m.ringlet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Peter Pentchev wrote: > On Wed, Nov 26, 2003 at 02:21:04PM +0100, Kai Mosebach wrote: > > Looks interesting ... is this method also usable, when i dropped my privs ? > > I think Terry meant pam_authenticate() (not pan), but to answer your > question: no, when you drop your privileges, you do not have access to > at least the system's password database (/etc/spwd.db, generated from > /etc/passwd and /etc/master.passwd by pwd_mkdb(8)). If this will be any > consolation, getpwnam() won't return a password field when you have > dropped root privileges either. Peter is correct on both counts. If I had not sen his reply first, I would have made the same reply. You cannot crypt something you cannot read. -- Terry
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FC59F4C.AE917AB8>