On Fri, 15 Jun 2007, Andy Ruhl wrote:
> On 6/15/07, Liam Foy <liamfoy@sepulcrum.org> wrote:
>> I don't understand what the huge benefit of having a feature like this
>> would actually be.
>
> To see if an attacker has installed a pwd.db file. I'm not sure if
> that's the most valuable thing to do, but it's something to check.

Surely you mean spwd.db which has the encrypted passwords in, etc.?

pwd.db contains the passwd data, spwd.db the master.passwd data, so pwd.db 
will never match the data in master.passwd

-- 
Stephen