On 18 Jan 1999, Martin Bialasinski wrote: > I heared on Solaris you have a daemon, which takes username/password > and tells you if the combination is OK.
rpc.pwdauthd. Nice idea, but Linux doesn't have (as far as I am aware) any kind of a credentials mechanism so you know you're talking to a _real_ rpc.pwdauthd and not some fake daemon some s|<r1pt kiddie is running. (I'm vague on the exact mechanism involved, but I seem to recall reading about it on either BUGTRAQ or linux-kernel recently.) This is one of the reasons I've never bothered with shadow passwords on Linux - everything must either be suid root or sgid shadow, and that's a lot of power to give to $some_random_program. I just make sure I use 'unguessable' passwords, and I don't have lusers on my boxes. --Jeff
