Subject: Re: pseudo-shadowing of passwords [...]
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Simon J. Gerraty <sjg@quick.com.au>
List: tech-security
Date: 10/09/1998 14:13:39
>It occurs to me - would it be worthwhile to have a syntax for the
>password field in /etc/master.passwd, copied to /etc/passwd by
>pwd_mkdb, that says "go look in .password in the user's homedir"?  I
>don't propose moving _everyone_'s password to ~/.password, if only for

Interesting idea.  If you change it such that ~/.password is a copy
rather than the repository you might be better off.  I.e. the only change
would be for getpwent to check ~/.password if euid != 0 and
for passwd to put a copy of the new hash in there if it already exists
and is safe, etc.  That way the vast bulk of current semantics
would hold true yet xlock et al would not need to be set-uid.

BTW I agree with others that the returning of '*' for the passwd to a
non-reserved port does not solve NIS's problems but certainly does
not make them worse and as such is a good idea.
Worst case - you could make it configurable behaviour at the
ypserver end for the benefit of the mythical site that uses a
non-compatible rpc library.

--sjg
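The copy-not-repository scheme sketched in the reply, as an added example that is not code from the message or from NetBSD: a Python model of the getpwent side (root reads the repository, anyone else only a safe ~/.password copy) and the passwd side (the copy is refreshed only if it already exists and is safe). The record layout, the "safe" rule (regular file, not a symlink, owned by the account, mode 0600 or stricter) and the hash strings are assumptions and constructed placeholders.

```python
import os
import stat
import tempfile
def is_safe_copy(path, owner_uid):
    """Trust ~/.password only if it is a regular file (no symlink), owned by the account and unreadable by group/other."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    return (stat.S_ISREG(st.st_mode) and st.st_uid == owner_uid
            and stat.S_IMODE(st.st_mode) & 0o077 == 0)
def lookup_hash(rec, euid):
    """getpwent-style read: root sees the repository; anyone else gets the hash only from a safe copy, else '*'."""
    if euid == 0:
        return rec["hash"]
    path = os.path.join(rec["home"], ".password")
    if not is_safe_copy(path, rec["uid"]):
        return "*"
    with open(path) as f:
        return f.read().strip()
def update_password(rec, new_hash):
    """passwd-style write: the repository always changes; the copy is refreshed only if it exists and is safe."""
    rec["hash"] = new_hash
    path = os.path.join(rec["home"], ".password")
    if not is_safe_copy(path, rec["uid"]):
        return False  # never create the copy, never write through a symlink
    fd = os.open(path, os.O_WRONLY | os.O_TRUNC | os.O_NOFOLLOW)
    with os.fdopen(fd, "w") as f:
        f.write(new_hash + "\n")
    return True

def demo():
    """Exercise the semantics in a temporary home directory; returns what each caller observed."""
    with tempfile.TemporaryDirectory() as home:
        # Constructed master.passwd-style record; the hash is a placeholder, not real crypt(3) output.
        rec = {"uid": os.getuid(), "home": home, "hash": "$1$constructed$hash1"}
        path = os.path.join(home, ".password")
        out = {"no_copy": lookup_hash(rec, euid=1000)}            # nothing to expose -> '*'
        out["update_without_copy"] = update_password(rec, "$1$constructed$hash2")  # False
        with open(path, "w") as f:
            f.write(rec["hash"] + "\n")
        os.chmod(path, 0o600)
        out["safe_copy"] = lookup_hash(rec, euid=1000)            # served from the copy
        out["update_with_copy"] = update_password(rec, "$1$constructed$hash3")     # True
        out["after_update"] = lookup_hash(rec, euid=1000)         # copy was refreshed
        os.chmod(path, 0o644)                                      # world-readable copy is distrusted
        out["unsafe_copy"] = lookup_hash(rec, euid=1000)
        out["root"] = lookup_hash(rec, euid=0)                     # root still reads the repository
        return out
```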