Re: Shadow password files
Well, the idea of a shadow file is that you don't need 644, just 600.
1. Nope. master.passwd is the shadow of passwd. It contains the encrypted
passwords for the users that are in passwd.
2. Nope. Bad, very bad! Not having master.passwd 600 is the same
as not having a shadow password in the first place. You are back at
square one.
I use postfix with the SASL2 auth daemon with the getpwent
authentication mechanism. Works pretty well but I don't think it is the
most secure option. Kerberos would arguably be a better alternative.
/marco
PS: this is pre-coffee and might contain some uncaffeinated opinions...
> -----Original Message-----
> From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org]
> On Behalf Of Geoff Sweet
> Sent: Sunday, February 02, 2003 02:52
> To: misc@openbsd.org
> Subject: Shadow password files
>
>
> I am working on implementing smtp-auth patch on my qmail
> server running OpenBSD 3.1. I am currently having
> difficulties with authentication.
> One of the recommended resolutions is to make sure that my
> checkpassword program can read the shadow password file. Now
> as I dig through google to understand what this means, I am
> led to believe that the shadow file is simply the
> /etc/passwd file that is generated from the master.passwd
> file right? The current permissions are 644. So my 2 part
> question is this:
>
> 1 Did I learn correctly that the passwd file is the "shadow
> password" file?
>
> 2 Are the permissions correct enough that a program or user
> could "read" the file?
>
> Thank you
> Geoff Sweet
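
The permission split discussed in this thread, as an added example that is not part of either message: a POSIX sh audit that checks that the shadow file (`master.passwd`) grants nothing to group or other, and that the world-readable `passwd` holds only placeholders in its password field. The function names are illustrative assumptions, and both paths are passed as arguments so the check can be run on copies.

```shell
#!/bin/sh
# Added example: audit a passwd / master.passwd pair.
# On OpenBSD the real files are /etc/passwd and /etc/master.passwd;
# function names here are illustrative.

# Succeeds only if FILE grants nothing to group or other (600 or stricter).
# Parses `ls -ld` output so it works on both BSD and GNU userlands.
private_mode() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Prints login names in a passwd-format FILE whose password field holds
# something other than a placeholder ("*" or "x"): a hash or an empty field.
exposed_hashes() {
    awk -F: '$0 !~ /^#/ && NF >= 2 && $2 != "*" && $2 != "x" { print $1 }' "$1"
}

# Audits a public/shadow pair. Prints findings; exit status = finding count.
audit_pair() {
    public=$1 shadow=$2 findings=0
    if ! private_mode "$shadow"; then
        echo "FAIL: $shadow is accessible beyond its owner"
        findings=$((findings + 1))
    fi
    leaked=$(exposed_hashes "$public")
    if [ -n "$leaked" ]; then
        echo "FAIL: $public carries password data for:" $leaked
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK: hashes are confined to $shadow"
    return "$findings"
}

# Usage: sh audit.sh /etc/passwd /etc/master.passwd
if [ "$#" -eq 2 ]; then
    audit_pair "$1" "$2"
fi
```

A service that needs to verify passwords should get that access through a privileged helper or a dedicated group, not by loosening the mode that this check enforces.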