From owner-freebsd-hackers  Mon Nov  3 13:03:03 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id NAA03373
          for hackers-outgoing; Mon, 3 Nov 1997 13:03:03 -0800 (PST)
          (envelope-from owner-freebsd-hackers)
Received: from gaia.coppe.ufrj.br (cisigw.coppe.ufrj.br [146.164.5.200])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id NAA03353
          for <hackers@FreeBSD.ORG>; Mon, 3 Nov 1997 13:02:33 -0800 (PST)
          (envelope-from jonny@coppe.ufrj.br)
Received: (from jonny@localhost)
	by gaia.coppe.ufrj.br (8.8.7/8.8.7) id TAA09231;
	Mon, 3 Nov 1997 19:02:05 -0200 (EDT)
	(envelope-from jonny)
From: Joao Carlos Mendes Luis <jonny@coppe.ufrj.br>
Message-Id: <199711032102.TAA09231@gaia.coppe.ufrj.br>
Subject: Re: Password verification (Was: cvs commit: ports/x11/kdebase - Imported sources)
In-Reply-To: <Pine.BSF.3.95q.971103100454.20666A-100000@misery.sdf.com> from Tom at "Nov 3, 97 10:07:24 am"
To: tom@sdf.com (Tom)
Date: Mon, 3 Nov 1997 19:02:05 -0200 (EDT)
Cc: perhaps@yes.no, hackers@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

#define quoting(Tom)
// > Is it restricted to only let a user check his own password?  Or could
// > we make it only check a users own password fairly easily?
// 
//   How would that be useful?

A lot.  You just have not seen the aplication yet...

Think in xlock, for the most obvious example.

//   I don't find this very useful.  For example, lets say you want a web
// server to be able to verify passwords, but the web server is running as a
// "www" user, so it can't anything but its own password?  The pwcheck daemon
// is a little more useful.  It allows me to have fairly unprivledged servers
// check passwords.

Then what you want is to disable shadow passwords at all ?

Or, maybe, that a GROUP of uids could see every other password.
It is a way of thinking, and may be useful too.

But what do you want to do with other people password without
root privs ?  "Hey, I know you are who you say you are, but
I can do nothing for you.  I'm just nobody, sorry".

					Jonny

--
Joao Carlos Mendes Luis			jonny@gta.ufrj.br
+55 21 290-4698				jonny@coppe.ufrj.br
Universidade Federal do Rio de Janeiro	UFRJ/COPPE/CISI
PGP fingerprint: 29 C0 50 B9 B6 3E 58 F2  83 5F E3 26 BF 0F EA 67