On Wed, Nov 26, 2003 at 02:21:04PM +0100, Kai Mosebach wrote: > > -----Urspr?ngliche Nachricht----- > > Von: Terry Lambert [mailto:[EMAIL PROTECTED] > > Gesendet: Mittwoch, 26. November 2003 13:34 > > An: [EMAIL PROTECTED] > > Cc: [EMAIL PROTECTED] > > Betreff: Re: getpwnam with md5 encrypted passwds > > > > "[EMAIL PROTECTED]" wrote: > > > i am trying to validate a given user password against my local passwd- > > file with > > > this piece of code : > > > > > > if (!( pwd = getpwnam ( user ))) { > > > log(ERROR,"User %s not known",user); > > > stat=NOUSER; > > > } > > > if (!strcmp( crypt(pass,pwd->pw_name), pwd->pw_passwd) ) { > > > log(DEBUG|MISC,"HURRAY : %s authenticated\n", user); > > > stat = AUTHED; > > > } > > > > I know you have the fix for the crypt of the wrong field, but the > > proper thing to do is probably to use pan_authenticate() so that > > you are insensitive to the athentication method being used, rather > > than crypting and comparing it yourself. > > > > Looks interesting ... is this method also usable, when i dropped my privs ?
I think Terry meant pam_authenticate() (not pan), but to answer your question: no, when you drop your privileges, you do not have access to at least the system's password database (/etc/spwd.db, generated from /etc/passwd and /etc/master.passwd by pwd_mkdb(8)). If this will be any consolation, getpwnam() won't return a password field when you have dropped root privileges either. G'luck, Peter -- Peter Pentchev [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence contains exactly threee erors.
pgp00000.pgp
Description: PGP signature
