tech-security: Re: replacement for /etc/passwd

Subject: Re: replacement for /etc/passwd
To: None <tech-security@netbsd.org>
From: Alan Post <apost@interwoven.com>
List: tech-security
Date: 12/11/2002 15:53:32

Thanks for pointing this out.

It looks to me like it is very similar to the solutions we've been
discussing (using setgid to enforce password-changing restrictions).
Any chance of this sort of scheme getting into netbsd, if it were
adapted?

  Alan

* Niels Provos (provos@citi.umich.edu) [021211 15:40]:
> On Tue, Dec 10, 2002 at 03:51:34AM +0000, Alan Post wrote:
> > Currently the utilities for changing /etc/passwd are setuid root.
> Owl solved this problem a while ago.  I suggest that you investigate
> their solution:
> 
> http://www.openwall.com/presentations/core02-owl-html+images/mgp00019.html
> http://www.openwall.com/presentations/core02-owl-html+images/mgp00020.html
> http://www.openwall.com/presentations/core02-owl-html+images/mgp00021.html
> http://www.openwall.com/presentations/core02-owl-html+images/mgp00022.html
> 
> Niels.