Subject: Re: group for access to the password database
To: None <tech-security@netbsd.org>
From: Matthias Scheler <tron@zhadum.de>
List: tech-security
Date: 07/11/2000 16:39:33
Path: not-for-mail
From: tron@zhadum.de (Matthias Scheler)
Newsgroups: netbsd.tech.security
Date: 11 Jul 2000 16:39:33 GMT
Organization: The Source Of All Evil
Lines: 13
Message-ID: <8kfik5$4q1$1@colwyn.zhadum.de>
References: <20000710150101.741C835DC2@smb.research.att.com>
NNTP-Posting-Host: lyssa.zhadum.de
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
NNTP-Posting-Date: 11 Jul 2000 16:39:33 GMT

In article <20000710150101.741C835DC2@smb.research.att.com>,
	"Steven M. Bellovin" <smb@research.att.com> writes:
> *If* xlock should use the login password -- a concept which I'm dubious 
> about -- the proper solution is a mechanism to permit applications to 
> verify the password for their own UID only.

This might not be enough. "xlock" allows the removal of the screen lock
with the "root" password regardless of which user is logged in.

	Kind regards

-- 
Matthias Scheler                            http://www.sighardstrasse.de/~tron/