getpwnam with md5 encrypted passwds

Terry Lambert tlambert2 at mindspring.com
Thu Nov 27 01:37:53 PST 2003


Peter Pentchev wrote:
> On Wed, Nov 26, 2003 at 02:21:04PM +0100, Kai Mosebach wrote:
> > Looks interesting ... is this method also usable, when i dropped my privs ?
> 
> I think Terry meant pam_authenticate() (not pan), but to answer your
> question: no, when you drop your privileges, you do not have access to
> at least the system's password database (/etc/spwd.db, generated from
> /etc/passwd and /etc/master.passwd by pwd_mkdb(8)).  If this will be any
> consolation, getpwnam() won't return a password field when you have
> dropped root privileges either.

Peter is correct on both counts.  If I had not sen his reply
first, I would have made the same reply.  You cannot crypt
something you cannot read.

-- Terry




More information about the freebsd-hackers mailing list