From: Daniel Cegiełka
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: shadow.h
Date: Wed, 27 Feb 2013 09:24:40 +0100
To: musl@lists.openwall.com
Reply-To: musl@lists.openwall.com
In-Reply-To: <20130226231901.GI6181@port70.net>

2013/2/27 Szabolcs Nagy:
> /etc/shadow requires privilege escalation for password changes
> so putspent is dangerous, pam_unix should be deprecated on
> modern systems
>
> http://www.openwall.com/tcb/
>
> (i think this already came up a few times, maybe it should be in a faq..)

owl's tcb and musl? It's harder than it seems.

1) __crypt_blowfish() in musl isn't compatible with
__crypt_blowfish_rn().. so lack of support for owl's
__crypt_gensalt_ra() and crypt_ra/rn() etc. (owl's salt and tcb
prefixes):

http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/tcb/tcb/pam_tcb/support.c?rev=1.12.2.1;content-type=text%2Fplain

2) nss/rpc/yp - but can be easily removed from the owl's tcb.

http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/tcb/tcb/libs/nss.c?rev=1.4;content-type=text%2Fplain
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/tcb/tcb/pam_tcb/yppasswd_xdr.c?rev=1.2;content-type=text%2Fplain

3) owl's shadow+tcb requires pam_userpass which requires libpamc (pam
client) from Linux-PAM... but it also can be removed. etc... etc.
(pam_chpw.c):

http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/shadow-utils/shadow-4.0.4.1-owl-tcb.diff?rev=1.5;content-type=text%2Fplain

Currently I'm trying to use OpenPAM with musl, but going to use the
owl's tcb (without nss).

btw. openpam-modules:

http://git.overlays.gentoo.org/gitweb/?p=proj/openpam-modules.git;a=tree;h=821a37ad1a2a084c13ac7c0086bd6d1e737b78c4;hb=821a37ad1a2a084c13ac7c0086bd6d1e737b78c4

Best regards,
Daniel