Date: Mon, 3 Nov 1997 19:02:05 -0200 (EDT) From: Joao Carlos Mendes Luis <jonny@coppe.ufrj.br> To: tom@sdf.com (Tom) Cc: perhaps@yes.no, hackers@FreeBSD.ORG Subject: Re: Password verification (Was: cvs commit: ports/x11/kdebase - Imported sources) Message-ID: <199711032102.TAA09231@gaia.coppe.ufrj.br> In-Reply-To: <Pine.BSF.3.95q.971103100454.20666A-100000@misery.sdf.com> from Tom at "Nov 3, 97 10:07:24 am"
next in thread | previous in thread | raw e-mail | index | archive | help
#define quoting(Tom) // > Is it restricted to only let a user check his own password? Or could // > we make it only check a users own password fairly easily? // // How would that be useful? A lot. You just have not seen the aplication yet... Think in xlock, for the most obvious example. // I don't find this very useful. For example, lets say you want a web // server to be able to verify passwords, but the web server is running as a // "www" user, so it can't anything but its own password? The pwcheck daemon // is a little more useful. It allows me to have fairly unprivledged servers // check passwords. Then what you want is to disable shadow passwords at all ? Or, maybe, that a GROUP of uids could see every other password. It is a way of thinking, and may be useful too. But what do you want to do with other people password without root privs ? "Hey, I know you are who you say you are, but I can do nothing for you. I'm just nobody, sorry". Jonny -- Joao Carlos Mendes Luis jonny@gta.ufrj.br +55 21 290-4698 jonny@coppe.ufrj.br Universidade Federal do Rio de Janeiro UFRJ/COPPE/CISI PGP fingerprint: 29 C0 50 B9 B6 3E 58 F2 83 5F E3 26 BF 0F EA 67
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711032102.TAA09231>