Password security - Another idea

Robert E. Stampfli res at cbnews.ATT.COM
Sat Dec 31 14:42:33 AEST 1988


Can anyone think of a good reason why either of the following should not be
done on systems that employ a shadow password file:

1. Provide a program which returns the encrypted version of the password
   for the uid (or euid) that invokes it.

2. Provide a program, similar to "passwd", which modifies the encrypted
   password in the /etc/passwd file, like the original version of the
   passwd command did.  You might, if you were really paranoid,
   restrict this so that the same password can not be used for both the
   /etc/passwd and shadow password file.

Both if these, it would seem to me, would be useful in writing things like
terminal lock programs (case 1), or programs that run set-uid to one account
to allow users the ability to do something with files owned by that account,
provided they possess the "public" password (case 2).

Rob Stampfli
att!cblpe!res (work)
osu-cis!n8emr!kd8wk!res (home)



More information about the Comp.unix.wizards mailing list