emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

[svn-upgrade] Integrating new upstream version, shadow (4.0.14)

Browse Source
This commit is contained in:
nekral-guest
2007-10-07 11:47:11 +00:00
parent 8451bed8b0
commit 24178ad677
502 changed files with 27080 additions and 14708 deletions
Download Patch File Download Diff File Expand all files Collapse all files

118
doc/LICENSE
View File

@@ -1,118 +0,0 @@
NOTE:
This license has been obsoleted by the change to the BSD-style copyright.
You may continue to use this license if you wish, but you are under no
obligation to do so.
(*
This document is freely plagiarised from the 'Artistic Licence',
distributed as part of the Perl v4.0 kit by Larry Wall, which is
available from most major archive sites. I stole it from CrackLib.
$Id: LICENSE,v 1.2 1997/05/01 23:14:30 marekm Exp $
*)
This documents purpose is to state the conditions under which this
Package (See definition below) viz: "Shadow", the Shadow Password Suite
which is held by Julianne Frances Haugh, may be copied, such that the
copyright holder maintains some semblance of artistic control over the
development of the package, while giving the users of the package the
right to use and distribute the Package in a more-or-less customary
fashion, plus the right to make reasonable modifications.
So there.
***************************************************************************
Definitions:
A "Package" refers to the collection of files distributed by the
Copyright Holder, and derivatives of that collection of files created
through textual modification, or segments thereof.
"Standard Version" refers to such a Package if it has not been modified,
or has been modified in accordance with the wishes of the Copyright
Holder.
"Copyright Holder" is whoever is named in the copyright or copyrights
for the package.
"You" is you, if you're thinking about copying or distributing this
Package.
"Reasonable copying fee" is whatever you can justify on the basis of
media cost, duplication charges, time of people involved, and so on.
(You will not be required to justify it to the Copyright Holder, but
only to the computing community at large as a market that must bear the
fee.)
"Freely Available" means that no fee is charged for the item itself,
though there may be fees involved in handling the item. It also means
that recipients of the item may redistribute it under the same
conditions they received it.
1. You may make and give away verbatim copies of the source form of the
Standard Version of this Package without restriction, provided that you
duplicate all of the original copyright notices and associated
disclaimers.
2. You may apply bug fixes, portability fixes and other modifications
derived from the Public Domain or from the Copyright Holder. A Package
modified in such a way shall still be considered the Standard Version.
3. You may otherwise modify your copy of this Package in any way,
provided that you insert a prominent notice in each changed file stating
how and when AND WHY you changed that file, and provided that you do at
least ONE of the following:
a) place your modifications in the Public Domain or otherwise make them
Freely Available, such as by posting said modifications to Usenet or an
equivalent medium, or placing the modifications on a major archive site
such as uunet.uu.net, or by allowing the Copyright Holder to include
your modifications in the Standard Version of the Package.
b) use the modified Package only within your corporation or organization.
c) rename any non-standard executables so the names do not conflict with
standard executables, which must also be provided, and provide separate
documentation for each non-standard executable that clearly documents
how it differs from the Standard Version.
d) make other distribution arrangements with the Copyright Holder.
4. You may distribute the programs of this Package in object code or
executable form, provided that you do at least ONE of the following:
a) distribute a Standard Version of the executables and library files,
together with instructions (in the manual page or equivalent) on where
to get the Standard Version.
b) accompany the distribution with the machine-readable source of the
Package with your modifications.
c) accompany any non-standard executables with their corresponding
Standard Version executables, giving the non-standard executables
non-standard names, and clearly documenting the differences in manual
pages (or equivalent), together with instructions on where to get the
Standard Version.
d) make other distribution arrangements with the Copyright Holder.
5. You may charge a reasonable copying fee for any distribution of this
Package. You may charge any fee you choose for support of this Package.
YOU MAY NOT CHARGE A FEE FOR THIS PACKAGE ITSELF. However, you may
distribute this Package in aggregate with other (possibly commercial)
programs as part of a larger (possibly commercial) software distribution
provided that YOU DO NOT ADVERTISE this package as a product of your
own.
6. The name of the Copyright Holder may not be used to endorse or
promote products derived from this software without specific prior
written permission.
7. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The End

20
doc/LSM
View File

@@ -1,20 +0,0 @@
Begin3
Title: Shadow Password Suite
Version: 20000902
Entered-date: 02SEP00
Description: Shadow password file utilities. This package includes
the programs necessary to convert traditional V7 UNIX
password files to the SVR4 shadow password format, and
additional tools to maintain password and group files
(that work with both shadow and non-shadow passwords).
Keywords: login passwd security shadow
Author: jockgrrl@ix.netcom.com (Julianne F. Haugh)
Maintained-by: kloczek@rudy.mif.pg.gda.pl (Tomasz Kloczko)
marekm@linux.org.pl (Marek Michalkiewicz) - previous maintainer
Primary-site: ftp://ftp.pld.org.pl/software/shadow/
718K shadow-20000902.tar.gz
Alternate-site: ftp://ftp.pld.org.pl/software/shadow/
Original-site: ftp.uu.net ?
Platforms: Linux, SunOS, ...
Copying-policy: FRS
End

5
doc/Makefile.am
View File

@@ -1,6 +1,5 @@
# This is a dummy Makefile.am to get automake work flawlessly,
# and also cooperate to make a distribution for `make dist'
EXTRA_DIST = HOWTO LICENSE LSM README \
README.limits README.linux README.nls README.pam \
README.platforms WISHLIST console.c.spec.txt cracklib26.diff
EXTRA_DIST = HOWTO README.limits \
README.platforms WISHLIST console.c.spec.txt cracklib26.diff

7
doc/Makefile.in
View File

@@ -39,7 +39,7 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = doc
DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \
$(top_srcdir)/configure.in
@@ -177,9 +177,8 @@ sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
EXTRA_DIST = HOWTO LICENSE LSM README \
README.limits README.linux README.nls README.pam \
README.platforms WISHLIST console.c.spec.txt cracklib26.diff
EXTRA_DIST = HOWTO README.limits \
README.platforms WISHLIST console.c.spec.txt cracklib26.diff
all: all-am

253
doc/README
View File

@@ -1,253 +0,0 @@
[ $Id: README,v 1.5 2000/10/16 21:34:39 kloczek Exp $ ]
This is the explanatory document for Julianne Frances Haugh's login
replacement, release 3. This document was last updated 16 Feb 1997.
This software is copyright 1988 - 1997, Julianne F. Haugh. All rights
reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of Julianne F. Haugh nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
This source code is currently archived on ftp.uu.net in the
comp.sources.misc portion of the USENET archives. You may also contact the
author, Julianne F. Haugh, at jockgrrl@ix.netcom.com if you have any
questions regarding this package.
THIS SOFTWARE IS BEING DISTRIBUTED AS-IS. THE AUTHORS DISCLAIM ALL
LIABILITY FOR ANY CONSEQUENCES OF USE. THE USER IS SOLELY RESPONSIBLE
FOR THE MAINTENANCE OF THIS SOFTWARE PACKAGE. THE AUTHORS ARE UNDER NO
OBLIGATION TO PROVIDE MODIFICATIONS OR IMPROVEMENTS. THE USER IS
ENCOURAGED TO TAKE ANY AND ALL STEPS NEEDED TO PROTECT AGAINST ACCIDENTAL
LOSS OF INFORMATION OR MACHINE RESOURCES.
Special thanks are due to Chip Rosenthal for his fine testing efforts;
to Steve Simmons for his work in porting this code to BSD; and to Bill
Kennedy for his contributions of LaserJet printer time and energies.
Also, thanks for Dennis L. Mumaugh for the initial shadow password
information and to Tony Walton (olapw@olgb1.oliv.co.uk) for the System
V Release 4 changes. Effort in porting to SunOS has been contributed
by Dr. Michael Newberry (miken@cs.adfa.oz.au) and Micheal J. Miller, Jr.
(mke@kaberd.rain.com). Effort in porting to AT&T UNIX System V Release
4 has been provided by Andrew Herbert (andrew@werple.pub.uu.oz.au).
Special thanks to Marek Michalkiewicz (marekm@i17linuxb.ists.pwr.wroc.pl)
for taking over the Linux port of this software.
New for Release 3.3:
User-defined authentication has been added. This allows you to
write programs to replace the password authentication method
which uses the crypt() function.
The CrackLib password checking library is supported as of release
3.3.0. It allows you to perform pro-active password checking as
each password is changed.
Warning:
The newuser command will be removed in a later release.
The libsec.a library will be removed at some point after
version 3.3.3.
This software is described in the 3rd USENIX Security Symposium
proceedings. These proceedings are available from
USENIX Association
2560 Ninth Street, Suite 215
Berkeley, CA 94710
The current price is $30 for USENIX members and $39 for non-members.
Begin by reading and editing the config.h file. All options are selected
by using #define's. A brief description for each available option appears
below. You may want to print this file out as it is LONG and you will
need to refer to it while editting config.h. You will also have to edit
the Makefile. The possible differences are documented there. Pay close
attention to the install: rule. Login now runs on about 30 different
varieties of UNIX that I have been made aware of. If you have any qualms,
you should run "make save" before running "make install". If something
breaks you can use "make restore" to put things back. In any case, you
should have a recent system backup as the potential for serious damage
exists.
There are special Makefile and config.h files for SVR4, SunOS 4.1, and
Linux systems. If there is a major UNIX variant that you would like to
see supported, please send working Makefile and config.h files and I will
try to include then in the base distribution.
Note that there are MANY options. As distributed most options are turned
on, which produces a really nice package. This is the system as used on
some of the authors' machines. There are many options which may be
selected at run time. You should refer to the login.5 manual page for
more information regarding these options.
There are several files which you may have to replace. If your system has
a lastlog.h file, you should replace the one which I provide with your
system version. The pwd.h file that is produced by "make" must agree
exactly with the system supplied version. You should re-arrange the
fields or #define's until they match. The same is true for "shadow.h",
if you system provides one. You may want to replace large portions of
that file (or the entire file) with your system version. It is provided
for those systems which do NOT provide /usr/include/shadow.h. If you
do not have a the crypt() function in your library (perhaps because you
are located outside the United States), you may wish to look into the
UFC-crypt package which was posted to comp.sources.misc in volume 23,
issues 97 and 98.
Login Defaults File -
This option selects the name of the file to read for the
run-time configurable options. The default value for
LOGINDEFS is "/etc/login.defs".
Shadow [ unreadable ] Password Files -
This option utilizes an alternate, non-readable file to
contain the actual encrypted passwords. This is presumed
to increase system security by increasing the difficulty
with which system crackers obtain encrypted passwords.
Select this option by defining the SHADOWPWD macro.
This feature is optional, but only certain commands may
be compiled with this option disabled.
Shadow Group Files -
This option utilizes an alternate, non-readable file to
contain encrypted group passwords and group administrator
information.
This feature allows one or more users to be defined as
the administrators of a group for the purpose of adding
or deleting members and changing the group password.
Select this option by defining the SHADOWGRP macro. You
must also create an emptry /etc/gshadow file. You must
select the SHADOWPWD option if you select SHADOWGRP.
DBM Password Files -
This option utilizes the DBM database access routines to
increase the performance of user name and ID lookups in the
password file. You may select the NDBM database instead
and have DBM-style access to all user information files.
Select this option by defining both the DBM and GETPWENT
macros. The FGETPWENT macro must also be defined or the
fgetpwent() library routine must be present.
Double Length Passwords -
This option extends the maximum length of a user password
to 16 characters from eight.
Select this option by defining the DOUBLESIZE macro.
Credit for this option is due Jonathan Bayer.
Password Aging -
This option includes code to perform password aging.
Password aging is presumed to increase system security
by forcing users to change passwords on a regular
basis. The resolution on password age is in weeks for
non-shadow password systems and in days otherwise.
Select this option by defining the AGING macro.
Syslog -
This option causes the code to log various errors or
special conditions to the syslog daemon. The types of
information that are logged security violations, changes
to the user database, and program errors.
Select syslog processing by defining the USE_SYSLOG
macro.
Remote Login -
This option causes certain network login code to be
inserted to enable the "rlogin" and "telnet" commands to
work. To enable network logins, define the RLOGIN macro.
If your <utmp.h> file includes a ut_host member, you must
also define the UT_HOST macro. Note that SVR4 has a
"utmpx" file to hold the ut_host member, so UT_HOST is
not required.
Directory Reading Routines -
Three different macros are defined for opening and reading
directories. They are DIR_XENIX, DIR_BSD, and DIR_SYSV.
Refer to config.h for more details.
Library Configuration Macros -
The following macros define the functions which are present
in your system library:
HAVE_ULIMIT - Define if your UNIX supports ulimit()
GETPWENT - Define if you want my GETPWENT(3) routines
GETGRENT - Define if you want my GETGRENT(3) routines
NEED_AL64 - Define if library does not include a64l()
NEED_MKDIR - Define if system does not have mkdir()
NEED_RMDIR - Define if system does not have rmdir()
NEED_RENAME - Define if system does not have rename()
NEED_STRSTR - Define if library does not include strstr()
Password File Information -
The following macros define the fields which are present in
your system password file. Because the system was compiled
to use the password file in its original form, these macros
must agree with the actual contents of the file.
BSD_QUOTA - the pw_quota field exists
ATT_AGE - the pw_age field exists
ATT_COMMENT - the pw_comment field exists
Signal Return Type -
Because different systems return different data types for
the signal() system call, you must define SIGTYPE to be
the data type your system uses. The default is "int", but
"void" is another popular value.
SunOS 4.1.1 Notes: (mke@kaberd.rain.com) Michael J. Miller Jr.
[ These notes were edited from the original. The standard Makefile
and config.h have notes indicating the changes required for SunOS.
Steve Allen at Lick has been working on cleaning up this platform. ]
You'll need to do the following to get the shadow password dist to
compile on a sun 4.1.1 system.
If using csh, then type 'rehash'. cd to the /etc directory and type
'pwconv'. This will create two files, nshadow and npasswd.
now type 'mkpasswd -f nshadow' and 'mkpasswd -f npasswd'. This will
create the shadow password file.
Note: ftp will still use the old password file. Modified versions of
ftpd are available, or you may modify the version of ftpd from
any of the freely redistributable ftpd clones.
Note: If you run suns pcnfs, be aware that it will still be looking at the
old password file as well. I may work out a patch for this, as I am
fairly certain the stuff on the sun side comes with source.
Note: I have compiled this package with the standard c compiler and
suns unbundled c compiler at an optomization level of 2 in
both casses. Haven't tried gcc yet, so I don't know wether it
works. Same goes for suns C++ compiler.
Note: Has been compiled on a sun 3/75 running sunos 4.1.1. Should compile
fine on sun 4's running 4.1.1, and may compile on suns running
4.1. Have no idea what sort of success people will have that
are running 4.03 and older versions.

166
doc/README.linux
View File

@@ -1,166 +0,0 @@
$Id: README.linux,v 1.21 2000/10/16 21:34:39 kloczek Exp $
This is the shadow suite hacked a bit for Linux. See CHANGES for
short description of changes. See also WISHLIST if you have too
much time on your hands :-). Now that copyright issues have been
resolved, the most important thing is testing. Please test this
code as much as you can, and report any problems. At this point,
I made so many changes that any bugs are probably mine.
This package uses GNU autoconf, so it should be quite portable
- but it hasn't been tested much on anything but Linux/x86.
Long time ago, it has been reported to work on SunOS 4.1.x,
and recently there has been some success on Solaris 2.x and Irix.
I'd like to compile a current list of platforms this package is
known to work on - if you get it to work on some new OS (non-x86
Linux, or non-Linux), please let me know. Please specify: host
type guessed by autoconf, libc version, distribution, changes
you needed to make (if any), etc. Please see README.platforms
for the current (incomplete - I know there are more...) list of
platforms this package is known to work on.
There is a developers mailing list. It has moved again, and is
now hosted by SuSE - thanks to Thorsten Kukuk <kukuk@suse.de>.
Send the command "subscribe shadow" to majordomo@suse.com to
subscribe if you are interested. To send mail to everyone on
the list, send it to shadow@suse.com.
Before reporting bugs, please check if they still exist in my latest
development snapshot. Every few weeks I make a new version available
at the following URLs:
ftp://piast.t19.ds.pwr.wroc.pl/pub/linux/shadow/
ftp://ftp.ists.pwr.wroc.pl/pub/linux/shadow/
http://www.itnet.pl/amelektr/linux/shadow/
(there are also mirror sites, see README.mirrors).
After installation, please remember to remove any old binaries like
/bin/passwd (this version installs /usr/bin/passwd). If your passwd
program doesn't like the new /etc/login.defs settings, and complains
about "configuration error", this is most likely the problem.
Current versions of the Linux C library (both libc 5.x and glibc 2.x)
have the shadow support, including MD5-based crypt(), built in.
Because of this, libshadow.a will build without these functions,
and the ones from libc will be used instead. Currently, libshadow.a
is for internal use only, so if you see -lshadow in a Makefile of
some other package, it is safe to remove it.
Remember that shadow passwords will not make your system more secure
if your distribution has gaping holes which let any user become root.
Some distributions, especially the older ones, are much like SunOS 4.1
without any security patches installed :-). Read the linux-security
mailing list archives, and plug all holes before attempting to install
the shadow suite.
Very old versions of this package (shadow-3.3.x, shadow-mk) had a few
nasty security holes, too. Please use the latest version if possible.
Encrypted passwords are not readable, but it is highly recommended
to use cracklib with a big dictionary to prevent users from choosing
weak passwords. This way if someone ever gets access to /etc/shadow
(for example, because of some not yet discovered bug), they will not
get half of the passwords using Crack... There is a configure option
to use cracklib, I haven't tested it myself but I'm told it works.
The code feels like stabilizing now - while still BETA, it should
work quite well. Many bugs have been fixed, but there may be still
a few lurking. Again, please test it and report any problems.
Thanks to Julianne Frances Haugh <jockgrrl@ix.netcom.com> who wrote the thing
in the first place, sent me the latest version, and released it under
a "free" BSD-style license, so that it can be included in Linux
distributions (at least Debian 1.3 and Slackware 3.2 are already
doing that; Debian and Red Hat packaging standards are supported in
the standard source tree). David Frey <David.Frey@lugs.ch>, Michael
Meskes <meskes@topsystem.de> and Guy Maor <maor@debian.org> have
done a lot of work to integrate shadow passwords into Debian Linux.
Ben Collins <bcollins@debian.org> maintains this package for Debian
and added complete PAM support, now available in Debian 2.2.
Thanks to Bradley Glonka <bradley@123.net> of Linux System Labs
(http://www.lsl.com/) for sending me a free Red Hat 4.2 CD-ROM,
making it possible to test this package on this distribution.
Special thanks to Michael H. Jackson <mhjack@tscnet.com> who wrote
the Linux Shadow Password HOWTO. Special thanks to Greg Gallagher
<ggallag@orion.it.luc.edu> and Jon Lewis for maintaining the
developers mailing list for a long time.
Thanks to Maciej 'Tycoon' Majchrowski <tycoon@piast.t19.ds.pwr.wroc.pl>
for ftp server space on piast.t19.ds.pwr.wroc.pl, and to Pawel Wiecek
<coven@pwr.wroc.pl> for keeping bach.ists.pwr.wroc.pl up and running.
Ian Jackson <iwj10@cus.cam.ac.uk> criticized the current shadow password
system (see the linux-security mailing list archives). We disagree on
some points, but this started a discussion on possible better solutions.
Theodore Ts'o <tytso@mit.edu> has started a new project to implement
Pluggable Authentication Modules - a relatively new standard API which
makes it easier to add new authentication mechanisms (it's more than
just shadow passwords). See http://parc.power.net/morgan/Linux-PAM/ for
more information. (XXX - this URL has changed, I have to check where
PAM is now... -MM)
Thanks to at least the following people for sending me patches, bug
reports and various comments. This list may be incomplete, I received
a lot of mail...
John Adelsberger <jja@umr.edu>
Martin Bene <mb@sime.com>
Luca Berra <bluca@www.polimi.it>
Darcy Boese <possum@chardonnay.niagara.com>
Judd Bourgeois <shagboy@bluesky.net>
Ulisses Alonso Camaro <ulisses@pusa.eleinf.uv.es>
Ed Carp <ecarp@netcom.com>
Rani Chouha <ranibey@smartec.com>
Ben Collins <bcollins@debian.org>
Joshua Cowan <jcowan@hermit.reslife.okstate.edu>
Alan Curry <pacman@tardis.mars.net>
Frank Denis <j@4u.net>
Hrvoje Dogan <hdogan@bjesomar.srce.hr>
Chris Evans <lady0110@sable.ox.ac.uk>
Marc Ewing <marc@redhat.com>
Janos Farkas <chexum@bankinf.banki.hu>
Werner Fink <werner@suse.de>
Floody <flood@evcom.net>
David Frey <David.Frey@lugs.ch>
Brian R. Gaeke <brg@dgate.org>
Cristian Gafton <gafton@sorosis.ro>
Anton Gluck <gluc@midway.uchicago.edu>
Dave Hagewood <admin@arrowweb.com>
Jonathan Hankins <jhankins@mailserv.homewood.k12.al.us>
Juergen Heinzl <unicorn@noris.net>
Joey Hess <joey@kite.ml.org>
Tim Hockin <thockin@eagle.ais.net>
David A. Holland <dholland@hcs.harvard.edu>
Andreas Jaeger <aj@arthur.rhein-neckar.de>
Timo Karjalainen <timok@iki.fi>
Calle Karlsson <ckn@kash.se>
Sami Kerola <kerolasa@rocketmail.com>
Thorsten Kukuk <kukuk@suse.de>
Jon Lewis <jlewis@lewis.org>
Pavel Machek <pavel@bug.ucw.cz>
Guy Maor <maor@debian.org>
Martin Mares <mj@gts.cz>
Rafal Maszkowski <rzm@torun.pdi.net>
Nikos Mavroyanopoulos <nmav@i-net.paiko.gr>
Michael Meskes <meskes@topsystem.de>
Arkadiusz Miskiewicz <misiek@pld.org.pl>
Greg Mortensen <loki@world.std.com>
Mike Pakovic <mpakovic@users.southeast.net>
Steve M. Robbins <steve@nyongwa.montreal.qc.ca>
Adam Rudnicki <adam@v-lo.krakow.pl>
Algis Rudys <arudys@rice.edu>
Lutz Schwalowsky <schwalow@mineralogie.uni-hamburg.de>
Jay Soffian <jay@lw.net>
Aniello Del Sorbo <anidel@edu-gw.dia.unisa.it>
Juha Virtanen <jiivee@iki.fi>
Michael Talbot-Wilson <mike@calypso.bns.com.au>
Jesse Thilo <Jesse.Thilo@pobox.com>
Shane Watts <shane@nexus.mlckew.edu.au>
Alexander O. Yuriev <alex@bach.cis.temple.edu>
Leonard N. Zubkoff <lnz@dandelion.com>
If you want to be added here, or your e-mail address changes,
please let me know. Thanks.
-- Marek Michalkiewicz <marekm@linux.org.pl>

30
doc/README.nls
View File

@@ -1,30 +0,0 @@
I've added in password suite 980724 nls and locale support (currently
only for greek). Before compiling (configuring) you must have set the
environment variable LINGUAS=el for greek or LINGUAS="" just for english.
To see your language at login (to the other programs export LANG=el is
enough) when you enter your login add LANG=xx, where xx is your language.
An other way to accomplish it is change the variable ENVIRON_FILE in
/etc/login.defs from /etc/environment to .environment. Thus any user
can add, to his .environment file, his language eg. LANG=el.
Nikos Mavroyanopoulos
nmav@i-net.paiko.gr
Note: i18n support as of this release (981218) can have some rough
edges - because of the large number of files updated, there is always
a possibility that I have introduced some new bugs. There are also
potential security problems in GNU gettext (both the included one and
one found in glibc 2.0.x) related to environment variables (LANG,
LANGUAGE, LC_*, NLSPATH) when used in setuid programs. I have tried
to work around them in sanitize_env() but no guarantees. The problem
has been reported to the gettext maintainer.
Also, you may not be able to legally distribute binaries compiled
with included gettext (GPL and BSD-like licenses are not compatible).
I believe that distribution in the same source archive is OK though
(it's a "mere aggregation of another work not based on the Program
with the Program" - here Program == gettext library - "on a volume of
a storage or distribution medium"). Please tell the FSF politely that
they should consider changing the gettext license to LGPL. Thanks!
Marek

34
doc/README.pam
View File

@@ -1,34 +0,0 @@
About PAM support in the Shadow Password Suite
Warning: this code is still considered BETA. It needs more testing.
Please let me know if it works, or if something doesn't work.
Use "./configure --with-libpam" to enable PAM support in the login,
passwd and su applications.
When compiled with PAM support enabled, the following traditional features
of the shadow suite are not implemented directly in the applications -
instead, they should be implemented in the PAM modules.
login:
- /etc/login.access
- /etc/porttime
- resource limits
- console groups
- password expiration / password strength checks
- /etc/motd and mail check
passwd:
- administrator defined authentication methods
- password expiration
- password strength checks
su:
- wheel group
- console groups
- su access control (/etc/suauth)
- password expiration
- time restrictions
- resource limits

13
doc/WISHLIST
View File

@@ -1,4 +1,4 @@
$Id: WISHLIST,v 1.24 2000/08/26 18:27:09 marekm Exp $
$Id: WISHLIST,v 1.25 2005/12/11 16:14:00 kloczek Exp $
This is my wishlist for the shadow suite, in no particular order. Feel
free to do anything from this list and mail me the diffs :-).
@@ -13,39 +13,28 @@ New ideas to add to this list are welcome, too. --marekm
- fix all the bugs, of course
- implement "su only" accounts (no logins, only su from other account)
- rewrite getdef.c to be more general? (no hardcoded names)
- update man pages to reflect all the changes (real programmers ... :-)
- patch for rlogind/telnetd to create utmp entry and fill in ut_addr
- fix the usermod -l bug properly [for now it's OK - #undef AUTH_METHODS]
- option to specify encrypted password in passwd (for yppasswdd, so it
doesn't need to know about shadow/non-shadow); should probably use a pipe
(less insecure than command line arguments)
- add support for changing NIS passwords
- clean up NDBM support, do it in the library and not in all programs
- add option to check passwords by piping them to external programs
- add functionality of the contrib/rpasswd.c wrapper to passwd
- option to generate pronounceable passwords (like on SCO), external program?
- poppassd (remote password change for eudora etc.)
- add support for passwd/shadow db files (glibc)
- better documentation
- su -l, -m, -p, -s options (as in GNU su) - done in the Debian patches
- vipw: check password files for errors after editing
- clean up login utmp(x) handling code
- add "maximum time users allowed to stay logged in" limit option to logoutd
- handle quotes in /etc/environment like the shell does (but sshd doesn't...)
- write man pages: dialups.5, d_passwd.5
- better utmpx support (logoutd, ...)
- better OPIE support (report number of logins left, etc.)
- new option for /etc/suauth: don't load user's environment (force "su -")
suggested by Ulisses Alonso Camaro
- clean up error messages - "program_name: text of error message\n"
(maybe some common code for common messages about failing to lock/open
something)
- find out why recent releases won't compile on Solaris
- newusers UID/GID selection algorithm should be the same as useradd
(and use UID_MIN, UID_MAX from login.defs)
- newusers should be able to copy /etc/skel to the new home directory
(like useradd)
- integrate the changes from Debian (complete PAM support, bug fixes)
- add directories where other packages can add hooks for package-specific
per-user configuration, to be executed with run-parts. Some hooks should
be executed at package install time for existing users, likewise for