Subject: Re: group for access to the password database
To: Steven M. Bellovin <smb@research.att.com>
From: Luke Mewburn <lukem@cs.rmit.edu.au>
List: tech-security
Date: 07/13/2000 17:03:59
Message-Id: <200007130703.RAA24792@wombat.cs.rmit.edu.au>
Reply-to: lukem@cs.rmit.edu.au
Cc: matthew green <mrg@eterna.com.au>,
        tech-security@netbsd.org (NetBSD Security Technical Discussion List)
In-Reply-To: Your message of "Mon, 10 Jul 2000 13:40:09 -0400 "
	<20000710174023.0B9FF35DC2@smb.research.att.com> 
Date: Thu, 13 Jul 2000 17:03:59 +1000

"Steven M. Bellovin" writes:
>> ... or a little daemon you talk to over a unix socket with credentials,
>> that way there is no set*id program at all.
>
> That's a less-portable solution.  NetBSD is in better shape if it 
> doesn't have to worry about maintaining a patch to xlock et al. for the
> indefinite future.

Not necessarily; if the communication was done inside getpw*() it
would be transparent to the caller, just as the decision to use
/etc/passwd or /etc/master.passwd in the current code is transparent
to the caller.