From owner-freebsd-hackers  Mon Nov  3 10:11:22 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id KAA20548
          for hackers-outgoing; Mon, 3 Nov 1997 10:11:22 -0800 (PST)
          (envelope-from owner-freebsd-hackers)
Received: from misery.sdf.com (misery.sdf.com [204.244.210.193])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id KAA20543
          for <hackers@freebsd.org>; Mon, 3 Nov 1997 10:11:19 -0800 (PST)
          (envelope-from tom@sdf.com)
Received: from tom by misery.sdf.com with smtp (Exim 1.73 #1)
	id 0xSQuM-0005Nb-00; Mon, 3 Nov 1997 10:07:26 -0800
Date: Mon, 3 Nov 1997 10:07:24 -0800 (PST)
From: Tom <tom@sdf.com>
To: Eivind Eklund <perhaps@yes.no>
cc: hackers@freebsd.org
Subject: Re: Password verification (Was: cvs commit: ports/x11/kdebase - Imported sources)
In-Reply-To: <199711031005.LAA21994@bitbox.follo.net>
Message-ID: <Pine.BSF.3.95q.971103100454.20666A-100000@misery.sdf.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


On Mon, 3 Nov 1997, Eivind Eklund wrote:

> > > But, how to allow users check only their own password, and still
> > > have the added security of shadow passwords ?  I can only think
> > > in a kind of password checking daemon that would accept commands
> > > on a AF_UNIX socket and some patches to libc pw commands.
> > 
> >   You can always use the pwcheck daemon from the Cyrus module (see ports).
> > It opens a unix socket at /var/pwcheck/pwcheck.  Permissions on the
> > /var/pwcheck directory can be used to determine who can check passwords.
> 
> Is it restricted to only let a user check his own password?  Or could
> we make it only check a users own password fairly easily?

  How would that be useful?

> The simplest solution I can see is to create a /usr/bin/checkpw which
> takes in a username/password on stdin, and checks that the username
> has the same ID as the users real ID, and exits with OK/failure.  (And
> I don't care about the expense of exec'ing a program to check a password
> - checking passwords are supposed to be expensive.)

  I don't find this very useful.  For example, lets say you want a web
server to be able to verify passwords, but the web server is running as a
"www" user, so it can't anything but its own password?  The pwcheck daemon
is a little more useful.  It allows me to have fairly unprivledged servers
check passwords.

> How is the feeling about this kind of program - too much bloat?
> Security problem?  Personally, I want it - less security problem than
> making other programs setuid.
> 
> Eivind.

Tom