apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <...@covalent.net>
Subject Re: cvs commit: apr/user/unix userinfo.c
Date Thu, 08 Mar 2001 14:24:45 GMT
On 8 Mar 2001, Jeff Trawick wrote:

> rbb@apache.org writes:
>
> >   Allow a way to get the password from the system password database.
> >   Non unix platforms will likely need a similar function.
> >   Submitted by:	John Barbee <jbarbee@covalent.net>
>
> How useful is this?  It certainly isn't portable.  Even some UNIX
> platforms cannot have such a function.
>
> Even with Linux, what happens with shadow passwords?  You'll get "x"
> back for the password, though certainly that is not the encrypted
> password.
>
> If the goal is to validate a password, it is more portable to define a
> function which does that.  Pass it a userid and password and let it
> tell the caller whether or not it worked.
>
> I think the strategy behind this needs to be reworked, and a new
> function with different semantics provided instead of a function to
> try to grab the password.

Of course, you are correct this isn't very portable.  However, with a bit
of time and effort, and can be made portable.  John has discovered exactly
what you say in this message, and he will be working on making this much
more portable in the next few days.

Ryan

_______________________________________________________________________________
Ryan Bloom                        	rbb@apache.org
406 29th St.
San Francisco, CA 94131
-------------------------------------------------------------------------------


Mime
View raw message