Lars Hansson wrote:
> On Wednesday 12 April 2006 23:21, Giancarlo Razzolini wrote:
>> I wrote a plugin for Openvpn that does authentication using the passwd
>> or the shadow files
>
> What would be even cooler is a bsd-auth plugin.
>
> ----
> Lars Hansson

From the man page of the OpenBSD getpwnam(3) function:

  These routines have been written to ``shadow'' the password file, i.e., allow only certain programs to have access to the encrypted password. If the process which calls them has an effective UID of 0 or has the ``_shadow'' group in its group vector, the encrypted password will be returned, otherwise, the password field of the returned structure will point to the string `*'.

My plugin uses the getpwnam(3) function if you do not set the Makefile directive USE_SHADOW. The shadow suite only complicated things. Move encrypted passwords to another file, I agree with that. But writing new functions to read this file, this is an aberration. My plugin authenticates from the shadow if you define or from the passwd (read here: using the original function getpwnam(3)). If the program runs with the uid 0 (which is the case here), it will successfully authenticate the user. So it does authentication in BSD systems because, AFAIK, this behavior of getpwnam(3) is present on all BSD derivative systems, since it was decided to move encrypted passwords to another file (in OpenBSD, /etc/master.passwd).

I wrote the plugin this way because I still need shadow authentication and many people need it, but nobody that I have talked to bothered to write the plugin. But, as I'm using OpenBSD now, I wrote it to work in it too. I believe it works on the majority, if not all, of the Unix systems that OpenVPN runs on, with minor or no modifications, but I haven't tested it yet. I did test it in some Linux distributions with different kernels and glibc versions and in OpenBSD 3.8.

So please, try it, and then report any problems, suggestions or comments.

Thanks,

--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
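
The getpwnam(3) behaviour quoted in the message above, as an added example that is not part of the original post or of the plugin's code: a password check that fails closed when the caller is handed `*` (or another placeholder) instead of a hash. The names `hash_fn`, `hash_is_usable`, `ct_equal` and `verify_password` are hypothetical, and the example assumes the caller passes crypt(3) as `fn`.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hash routine signature, matching crypt(3): (key, setting) -> hash. */
typedef char *(*hash_fn)(const char *key, const char *setting);

/* A field is usable only if it holds a real hash. "*" is what OpenBSD's
 * getpwnam(3) returns without euid 0 or the _shadow group; "x" is the usual
 * Linux /etc/passwd marker when hashes live in the shadow file; a leading
 * '!' or '*' marks a locked account. Empty fields are refused by policy. */
int hash_is_usable(const char *f)
{
    if (f == NULL || f[0] == '\0' || strcmp(f, "x") == 0)
        return 0;
    return f[0] != '*' && f[0] != '!';
}

/* Compare without stopping at the first differing byte. */
static int ct_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Returns 1 only when `stored` is a real hash and hashing `candidate`
 * with it as the setting reproduces it. Every other case fails closed. */
int verify_password(const char *stored, const char *candidate, hash_fn fn)
{
    const char *out;
    if (!hash_is_usable(stored) || candidate == NULL || fn == NULL)
        return 0;
    out = fn(candidate, stored);
    return out != NULL && ct_equal(out, stored);
}

int main(void)
{
    /* Report what this process can see for its own account. */
    struct passwd *me = getpwuid(getuid());
    const char *field = me ? me->pw_passwd : NULL;
    printf("password hash visible to uid %d: %s\n", (int)getuid(),
           hash_is_usable(field) ? "yes" : "no");
    return 0;
}
```

Run unprivileged, `main` reports "no" on systems that hide the hash, which is the condition under which an authentication plugin must reject every login rather than attempt a comparison.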