passwd schmasswd. Was: Re: [Exim] Exim 4.10 on OS X Server -…

Top Page
Delete this message
Reply to this message
Author: Giuliano Gavazzi
Date:  
To: Nico Erfurth
CC: exim-users
Subject: passwd schmasswd. Was: Re: [Exim] Exim 4.10 on OS X Server - Relay Problems
At 15:33 +0100 2003/01/01, Nico Erfurth wrote:
>On Wed, 1 Jan 2003, Giuliano Gavazzi wrote:
>
>> What I find strange is that exim has no built in getpwnam
>> functionality. Isn't that a feasable way to access passwords on any
>> Unix-like system or do PAM and other methods break it?
>
>Exim 4.12 provides a "passwd"-lookup.
>
>ciao



yep, sorry for respawning this thread, but this passwd lookup is of
no use for checking passwords as:

*result = string_sprintf("*:%d:%d:%s:%s:%s", (int)pw->pw_uid,
(int)pw->pw_gid, pw->pw_gecos, pw->pw_dir, pw->pw_shell);

of course a simple patch would substitute this with:

*result = string_sprintf("%s:%d:%d:%s:%s:%s", pw->pw_passwd,
(int)pw->pw_uid, (int)pw->pw_gid, pw->pw_gecos, pw->pw_dir,
pw->pw_shell);

and be a solution for whose who asked how to authenticate without
making an unsafe copy of /etc/master.passwd.

Security implications?

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/