Date: Mon, 3 Nov 1997 21:20:35 -0800 (PST) From: Tom <tom@sdf.com> To: Joao Carlos Mendes Luis <jonny@coppe.ufrj.br> Cc: perhaps@yes.no, hackers@freebsd.org Subject: Re: Password verification (Was: cvs commit: ports/x11/kdebase - Imported sources) Message-ID: <Pine.BSF.3.95q.971103211622.222B-100000@misery.sdf.com> In-Reply-To: <199711032102.TAA09231@gaia.coppe.ufrj.br>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 3 Nov 1997, Joao Carlos Mendes Luis wrote: > A lot. You just have not seen the aplication yet... > > Think in xlock, for the most obvious example. xlock is rather specialized. > // I don't find this very useful. For example, lets say you want a web > // server to be able to verify passwords, but the web server is running as a > // "www" user, so it can't anything but its own password? The pwcheck daemon > // is a little more useful. It allows me to have fairly unprivledged servers > // check passwords. > > Then what you want is to disable shadow passwords at all ? Can't be done, even if that is what I wanted. > Or, maybe, that a GROUP of uids could see every other password. > It is a way of thinking, and may be useful too. Sure, that is what the pwcheck daemon does. > But what do you want to do with other people password without > root privs ? "Hey, I know you are who you say you are, but > I can do nothing for you. I'm just nobody, sorry". Who says you can't do anthing if you aren't root? I have a POP/IMAP server which run completely non-root (avoiding all the nasty bugs that appeared in UW-imapd), and it uses the pwcheck daemon to do this. A web server is also a good example. You don't want it running as root, but you want to restrict certain things to certain users found in the passwd file. > Jonny > > -- > Joao Carlos Mendes Luis jonny@gta.ufrj.br > +55 21 290-4698 jonny@coppe.ufrj.br > Universidade Federal do Rio de Janeiro UFRJ/COPPE/CISI > PGP fingerprint: 29 C0 50 B9 B6 3E 58 F2 83 5F E3 26 BF 0F EA 67 > > Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.971103211622.222B-100000>