At 15:33 +0100 2003/01/01, Nico Erfurth wrote:
>On Wed, 1 Jan 2003, Giuliano Gavazzi wrote:
>
>> What I find strange is that exim has no built in getpwnam
>> functionality. Isn't that a feasable way to access passwords on any
>> Unix-like system or do PAM and other methods break it?
>
>Exim 4.12 provides a "passwd"-lookup.
>
>ciao
yep, sorry for respawning this thread, but this passwd lookup is of
no use for checking passwords as:
*result = string_sprintf("*:%d:%d:%s:%s:%s", (int)pw->pw_uid,
(int)pw->pw_gid, pw->pw_gecos, pw->pw_dir, pw->pw_shell);
of course a simple patch would substitute this with:
*result = string_sprintf("%s:%d:%d:%s:%s:%s", pw->pw_passwd,
(int)pw->pw_uid, (int)pw->pw_gid, pw->pw_gecos, pw->pw_dir,
pw->pw_shell);
and be a solution for whose who asked how to authenticate without
making an unsafe copy of /etc/master.passwd.
Security implications?
Giuliano
--
H U M P H
|| |||
software
Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/
