On Thu, 2006-04-27 at 17:44 -0300, Giancarlo Razzolini wrote:
> I recently wrote a plugin for the OpenVPN program that authenticates
> users using either the getpwnam or the getspnam functions.
> A parameter in its makefile must be set to enable/disable SHADOW
> authentication, because I didn't want to use autoconf. I took a look
> at the code of the getpwnam helper and I think it shouldn't take more
> than a day to make it authenticate using either the getpwnam or getspnam
> functions. And I really want to contribute to this proxy that helped
> me many times. I want to hear any comments from you guys.

Sounds like an excellent idea.

To be correct the helper has to support both concurrently. The same system may have both shadow and non-shadow users. So how you are supposed to use these is that you first try with getspnam(); if that fails, fall back on getpwnam().

Not all systems have getspnam(), so a new configure test may be needed.

Also, there are noticeable security implications, as the helper has to be installed set-user-id root (or set-group-id shadow on systems using a shadow group) in order to be able to use getspnam(). Because of this it's perhaps better to make a new getspnam helper based on the getpwnam helper code.

Regards
Henrik
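The lookup order described in the reply above (getspnam() first, getpwnam() as the fallback), as an added example that is not code from Squid or from either poster. It assumes a glibc/Linux system with `<shadow.h>`; the names `pick_hash`, `lookup_hash` and `hash_source` are hypothetical, and refusing to fall back when a shadow entry exists but is locked is a choice made for this example.

```c
#include <pwd.h>
#include <shadow.h>   /* assumed present; a configure test would guard this */
#include <stdio.h>
#include <string.h>

enum hash_source { SRC_NONE, SRC_SHADOW, SRC_PASSWD };

/* Reject empty fields, the "x" placeholder and "*" / "!" lock markers. */
static int usable_hash(const char *h)
{
    return h && h[0] && h[0] != '*' && h[0] != '!' && strcmp(h, "x") != 0;
}

/* A shadow entry, when present, decides (even if locked); the passwd
 * field is consulted only when getspnam() returned nothing. */
static enum hash_source pick_hash(const char *sp_hash, const char *pw_hash,
                                  const char **out)
{
    *out = sp_hash ? sp_hash : pw_hash;
    if (!usable_hash(*out)) {
        *out = NULL;
        return SRC_NONE;
    }
    return sp_hash ? SRC_SHADOW : SRC_PASSWD;
}

/* Copy the stored hash for `user` into buf and report which database it
 * came from. The library results live in static storage, hence the copy. */
enum hash_source lookup_hash(const char *user, char *buf, size_t len)
{
    const char *sp_hash = NULL, *pw_hash = NULL, *chosen;
    struct spwd *sp = getspnam(user);  /* NULL: no entry or no permission */
    if (sp) sp_hash = sp->sp_pwdp;
    struct passwd *pw = getpwnam(user);
    if (pw) pw_hash = pw->pw_passwd;
    enum hash_source src = pick_hash(sp_hash, pw_hash, &chosen);
    if (src == SRC_NONE || strlen(chosen) >= len)
        return SRC_NONE;
    strcpy(buf, chosen);
    return src;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "none", "shadow", "passwd" };
    char hash[256];
    if (argc > 1)   /* report only the source, never the hash itself */
        puts(names[lookup_hash(argv[1], hash, sizeof hash)]);
    return 0;
}
```

Run without root or shadow-group rights, getspnam() returns NULL for every user, so a shadow-only account reports `none`; that is the permission requirement the reply refers to.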