Message-ID: <3FC59F4C.AE917AB8@mindspring.com>
Date: Wed, 26 Nov 2003 22:53:00 -0800
From: Terry Lambert
To: Peter Pentchev
References: <3FC49DA6.54459AD6@mindspring.com> <20031126132058.A663915E12E@dust.freshx.de> <20031126140530.GB307@straylight.m.ringlet.net>
cc: freebsd-hackers@freebsd.org
cc: Kai Mosebach
Subject: Re: getpwnam with md5 encrypted passwds

Peter Pentchev wrote:
> On Wed, Nov 26, 2003 at 02:21:04PM +0100, Kai Mosebach wrote:
> > Looks interesting ... is this method also usable, when I dropped my privs?
>
> I think Terry meant pam_authenticate() (not pan), but to answer your
> question: no, when you drop your privileges, you do not have access to
> at least the system's password database (/etc/spwd.db, generated from
> /etc/passwd and /etc/master.passwd by pwd_mkdb(8)). If this will be any
> consolation, getpwnam() won't return a password field when you have
> dropped root privileges either.

Peter is correct on both counts. If I had not seen his reply first, I
would have made the same reply.

You cannot crypt something you cannot read.

-- Terry
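
The point made in this thread, as an added example (not code from the thread or from FreeBSD): a check on the field getpwnam() returns, meant to run before privileges are dropped, that tells a placeholder apart from a real `$1$` MD5 crypt hash. The names `classify_field` and `fetch_hash` are hypothetical, and the `x` placeholder case goes beyond the FreeBSD behaviour discussed to cover shadow-password systems.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* What the pw_passwd field returned by getpwnam() turned out to hold. */
enum pw_kind { PW_NO_USER, PW_NO_HASH, PW_MD5, PW_OTHER_HASH };
static const char B64[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* "*" is what an unprivileged caller gets on FreeBSD (and what a locked
 * account carries); "x" is the shadow-password placeholder. Neither is a
 * hash, so a crypt() comparison against it can never succeed. */
enum pw_kind classify_field(const char *f)
{
    if (f == NULL || f[0] == '\0' || f[0] == '*' || strcmp(f, "x") == 0)
        return PW_NO_HASH;
    if (strncmp(f, "$1$", 3) != 0)
        return PW_OTHER_HASH;          /* DES, Blowfish, ... */
    /* MD5 crypt layout: $1$<salt, at most 8 chars>$<22-char digest> */
    const char *salt = f + 3, *sep = strchr(salt, '$');
    if (sep == NULL || sep - salt > 8 || strlen(sep + 1) != 22 ||
        strspn(sep + 1, B64) != 22)
        return PW_NO_HASH;             /* malformed, treat as unusable */
    return PW_MD5;
}

/* Call while still privileged. The hash is copied out because getpwnam()
 * returns static storage that a later lookup overwrites. */
enum pw_kind fetch_hash(const char *user, char *out, size_t outlen)
{
    struct passwd *pw = getpwnam(user);
    enum pw_kind k = pw ? classify_field(pw->pw_passwd) : PW_NO_USER;
    if (k == PW_NO_USER || k == PW_NO_HASH)
        return k;
    if (strlen(pw->pw_passwd) >= outlen)
        return PW_NO_HASH;
    memcpy(out, pw->pw_passwd, strlen(pw->pw_passwd) + 1);
    return k;
}

int main(int argc, char **argv)
{
    char hash[128];
    enum pw_kind k = fetch_hash(argc > 1 ? argv[1] : "root", hash, sizeof hash);
    puts(k == PW_NO_USER ? "no such user" :
         k == PW_NO_HASH ? "no readable hash (privileges dropped?)" :
         k == PW_MD5 ? "MD5 hash available" : "non-MD5 hash available");
    return 0;
}
```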