Message-Id: <200101211609.LAA27011@qnx.com> Subject: Re: Status update (Smalltalk/Python) To: djgpp-workers AT delorie DOT com Date: Sun, 21 Jan 2001 11:09:16 -0500 (EST) From: "Alain Magloire" In-Reply-To: <3A6AEC96.4F46DBF5@phekda.freeserve.co.uk> from "Richard Dawe" at Jan 21, 2001 02:05:10 PM X-Mailer: ELM [version 2.5 PL0b1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Reply-To: djgpp-workers AT delorie DOT com Errors-To: nobody AT delorie DOT com X-Mailing-List: djgpp-workers AT delorie DOT com X-Unsubscribes-To: listserv AT delorie DOT com Precedence: bulk > > Hello. > > Eli Zaretskii wrote: > > > > On Sun, 21 Jan 2001, Tim Van Holder wrote: > > > Wasn't sure what to use for a value though; would apps expect > > > crypt()'ed values or plaintext? > > > > Could people who can access Unix and GNU/Linux boxes please look what > > they do? Crypt. > The password seems to be crypted. For the group password I get 'x', which > is what /etc/group contains for my user. This appears to be equivalent tp > a blank password field. This is on RedHat Linux 6.2 with glibc 2.1.3. Most Modern Un*x including GNU/Linux uses shadow passwd. Meaning the actual passwd is now save in /etc/shadow and not readable by all. It is common belief the shadow approach will give at least a first barrier to dictionnary style of attack. The passwd are now access via the shadow routines : struct spwd *getspnam(char *name); ... and friends. The caveat is that, when you want to authenticate you need to be root. > I don't have any groups with passwords. Perhaps someone who does can use > my test program? Here's my test program: group passwd is seldom use nowadays. The test program below is correct. > ---start getpwnam() test program--- ... > ---end getpwnam() test program--- Usually the way it is use: { ... pw = getpwnam (arg); if (pw == NULL) return ERR_BAD_LOGIN /* Oops! Houston we have a problem. */; if (strcmp (pw->pw_passwd, crypt (pass, pw->pw_passwd))) { #ifdef HAVE_SHADOW_H struct spwd *spw; spw = getspnam (arg); if (spw == NULL) return ERR_BAD_LOGIN; /* !! Danger Will Robertson! */ if (strcmp (spw->sp_pwdp, crypt (pass, spw->sp_pwdp))) #endif /* HAVE_SHADOW_H */ return ERR_BAD_PASSWD; /* Nuke the twit. */ } ... } Some systems follow Solaris example by having PAM style auth. I believe GNU/Linux and *BSD came up with there PAM libs too. > > > And what would be a good value? Maybe we could select one randomly > > > from "secret", "password" and "god" :-) > > > I'm open to suggestions... > > > > I suggest to start a contest for the best password. > > How about "open-sesame"? How about a little Locale: "Se'same_ouvre_toi" Or some French from Paris: "Voulez-vous_coucher_avec_moi_ce_soir_?" -- au revoir, alain ---- Aussi haut que l'on soit assis, on est toujours assis que sur son cul !!!