Fix checking password from /etc/passwd and /etc/shadow
Krzysztof Oledzki
olemx at ans.pl
Thu Sep 25 01:26:03 EST 2003
On Wed, 24 Sep 2003, Michael Steffens wrote:
> Krzysztof Oledzki wrote:
> > Hello,
> >
> > This patch fixes the order of checking the password on systems that
> > contain an /etc/shadow file (Linux, for example). The order is exactly
> > as in the linux-shadow-password package. /etc/passwd is checked first,
> > but if the password field contains "x" then the password is read from
> > /etc/shadow instead.
>
> What is wrong with the current approach of first checking /etc/shadow
> using getspnam, falling back to /etc/passwd if the first didn't return
> anything?
>
> Reversing that order and making the decision depend on a non-zero
> value returned from /etc/passwd ("x", "*", whatever?) looks like
> making it more complicated to me.

If /etc/passwd contains:

aqq::1001:100:Aqq:/home/aqq:/bin/bash

and /etc/shadow:

aqq:!:12319:0:99999:7:::

then login allows this user to log in with an empty password, but openssh does not.

Best Regards,
Krzysztof Olędzki
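
The disagreement described in this message, as an added example that is not part of the original post or of the OpenSSH source: it models the two lookup orders over the quoted entries and flags an account where they select different password fields. The function names are hypothetical, and the lines are parsed from strings rather than read through getpwnam/getspnam.

```c
#include <stdio.h>
#include <string.h>

/* Copy the second ':'-separated field of a passwd/shadow line into out.
 * strchr, not strtok: strtok skips empty fields, and an empty password
 * field is the case of interest. Returns 0 on success, -1 on error. */
static int second_field(const char *line, char *out, size_t outlen) {
    const char *start = strchr(line, ':');
    const char *end = start ? strchr(start + 1, ':') : NULL;

    if (end == NULL || (size_t)(end - start - 1) >= outlen)
        return -1;
    memcpy(out, start + 1, (size_t)(end - start - 1));
    out[end - start - 1] = '\0';
    return 0;
}

/* Shadow-first: a shadow entry, when present, overrides /etc/passwd. */
static const char *shadow_first(const char *pw, const char *sp) {
    return sp != NULL ? sp : pw;
}

/* passwd-first: /etc/passwd wins unless its field is the "x" marker. */
static const char *passwd_first(const char *pw, const char *sp) {
    return (strcmp(pw, "x") == 0 && sp != NULL) ? sp : pw;
}

/* 1 if the two orders pick different fields for one account, 0 if they
 * agree, -1 on a malformed line. shadow_line may be NULL (no entry). */
int orders_disagree(const char *passwd_line, const char *shadow_line) {
    char pw[128], sp[128];
    const char *spp = NULL;

    if (second_field(passwd_line, pw, sizeof pw) != 0)
        return -1;
    if (shadow_line != NULL) {
        if (second_field(shadow_line, sp, sizeof sp) != 0)
            return -1;
        spp = sp;
    }
    return strcmp(shadow_first(pw, spp), passwd_first(pw, spp)) != 0;
}

int main(void) {
    /* The two entries quoted in the message above. */
    printf("%d\n", orders_disagree("aqq::1001:100:Aqq:/home/aqq:/bin/bash",
                                   "aqq:!:12319:0:99999:7:::"));
    return 0;
}
```

Run over every account, a result of 1 marks an entry whose /etc/passwd field should be set to "x" so that both lookup orders agree.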