From getpwent(3):

     These routines have been written to ``shadow'' the password file, e.g.
     allow only certain programs to have access to the encrypted password.  If
     the process which calls them has an effective uid of 0, the encrypted
     password will be returned, otherwise, the password field of the returned
     structure will point to the string `*'.

This is good.  But what if a user program want's to validate his/her
own password?  Shouldn't this return a valid password entry if the
requested uid is the same as the effective uid, or effective uid is 0?
Currently, this breaks the new xlock (xlockmore).  Is this a new
feature or does xlockmore validate things differently than the old one
(the procedure they use looks pretty much standard to me).  If this is
the way it has always been, how does a user program validate the
user's password?

				--Michael

-----------------------------------------------------------------------------
 Michael L. VanLoon                 Iowa State University Computation Center
    michaelv@iastate.edu                    Project Vincent Systems Staff
  Free your mind and your machine -- NetBSD free Un*x for PC/Mac/Amiga/etc.
-----------------------------------------------------------------------------



------------------------------------------------------------------------------