Subject: fixing `Invalid UID's default to 0' problem...
To: None <tech-security@NetBSD.ORG>
From: Luke Mewburn <lukem@connect.com.au>
List: tech-security
Date: 05/15/1997 16:48:03
It's been pointed out on Bugtraq (for linux) and current-users
(for NetBSD) that invalid strings in the uid & gid field can
result in the result being treated as `0'.

This is caused by the pw_scan() function in -lutil using the result of
atoi().

There's a two part solution to this:
* modify pw_scan() to use strtol() instead of atoi(), and to set
  the return value of flags to include _PASSWORD_NOUID (or NOGID)
  if there was an invalid number.
* pwd_mkdb: in case of _PASSWORD_NOUID being returned for a non-YP
  line, either:
	* ignore the line (maybe flagging a warning), or
	* treat the uid/gid as -1 (not a standard?)

Unless there are major problems, I intend to fix pw_scan() and to
hack pwd_mkdb to detect this, and skip the line.

Comments?
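As an added illustration (not code from this mail or from NetBSD's libutil), the following C program shows the two behaviours discussed above: atoi(3) silently turning a bogus uid field such as "root" into 0, and a strtol(3)-based scanner that instead reports a flag bit for each field that did not parse, so the caller can skip the line or substitute -1. The flag names ID_NOUID, ID_NOGID and ID_BADLINE, the ID_MAX cap, the field positions (uid and gid as the third and fourth colon-separated fields) and the sample passwd lines are all constructed for the example; they stand in for _PASSWORD_NOUID/_PASSWORD_NOGID and the real pw_scan() layout.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical flag bits, standing in for _PASSWORD_NOUID / _PASSWORD_NOGID. */
#define ID_NOUID   0x01   /* uid field did not parse as a number */
#define ID_NOGID   0x02   /* gid field did not parse as a number */
#define ID_BADLINE 0x04   /* line has too few colon-separated fields */

/* Hypothetical upper bound; real code should use the platform's uid_t range. */
#define ID_MAX ((long)INT_MAX)

/* Illustrates the original defect: atoi() maps "root", "" or "12x" to 0 or 12
 * with no indication that the field was not a clean number. */
static int atoi_of(const char *field)
{
	return atoi(field);
}

/*
 * Parse exactly `len' bytes of `s' as a non-negative decimal id.
 * Returns 0 and stores the value on success, -1 on any defect:
 * empty field, leading sign/whitespace, trailing junk, or overflow.
 */
static int parse_id(const char *s, size_t len, long *out)
{
	char *end;
	long v;

	if (len == 0 || !isdigit((unsigned char)s[0]))
		return -1;
	errno = 0;
	v = strtol(s, &end, 10);
	if (errno == ERANGE || end != s + len)   /* overflow or junk in field */
		return -1;
	if (v > ID_MAX)
		return -1;
	*out = v;
	return 0;
}

/*
 * Simplified stand-in for pw_scan(): locate the uid (field 2) and gid
 * (field 3) of a "name:passwd:uid:gid:..." line without modifying it,
 * and return the ID_* flag bits for whatever failed to parse.
 */
static int scan_line(const char *line, long *uid, long *gid)
{
	const char *f[5];
	size_t n[4];
	int i, flags = 0;

	f[0] = line;
	for (i = 0; i < 4; i++) {
		const char *c = strchr(f[i], ':');
		if (c == NULL)
			return ID_BADLINE;    /* need at least five fields */
		n[i] = (size_t)(c - f[i]);
		f[i + 1] = c + 1;
	}
	if (parse_id(f[2], n[2], uid) != 0)
		flags |= ID_NOUID;
	if (parse_id(f[3], n[3], gid) != 0)
		flags |= ID_NOGID;
	return flags;
}

/* Convenience: only the flags, as pwd_mkdb would test them before skipping. */
static int scan_flags(const char *line)
{
	long u, g;
	return scan_line(line, &u, &g);
}

/* Convenience for the other option in the mail: unusable uid becomes `dflt' (e.g. -1). */
static long scan_uid_or(const char *line, long dflt)
{
	long u, g;
	if (scan_line(line, &u, &g) & (ID_NOUID | ID_BADLINE))
		return dflt;
	return u;
}

int main(void)
{
	/* Constructed sample lines; only the third ("alice") is well-formed. */
	const char *samples[] = {
		"evil:*:root:0:Evil:/:/bin/sh",
		"x:*::0:Empty:/:/bin/sh",
		"alice:*:1000:100:Alice:/home/alice:/bin/sh",
		"y:*:12x:7:Junk:/:/bin/sh",
	};
	size_t i;

	for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
		int fl = scan_flags(samples[i]);
		printf("%-45s flags=%d uid_or_-1=%ld\n",
		    samples[i], fl, scan_uid_or(samples[i], -1));
		if (fl != 0)
			printf("  -> pwd_mkdb would skip this line\n");
	}
	return 0;
}
```

The important property is that parse_id() accepts a field only when every byte of it was consumed by strtol(), so "root", "", "12x" and " 7" are all rejected rather than yielding uid 0 (or 12), which is exactly what lets pwd_mkdb refuse the line instead of quietly creating a superuser entry.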