apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <trawi...@bellsouth.net>
Subject Re: cvs commit: apr/user/unix userinfo.c
Date Thu, 08 Mar 2001 11:24:52 GMT
rbb@apache.org writes:

>   Allow a way to get the password from the system password database.
>   Non unix platforms will likely need a similar function.
>   Submitted by:	John Barbee <jbarbee@covalent.net>

How useful is this?  It certainly isn't portable.  Even some UNIX
platforms cannot have such a function.

Even with Linux, what happens with shadow passwords?  You'll get "x"
back for the password, though certainly that is not the encrypted
password.

If the goal is to validate a password, it is more portable to define a
function which does that.  Pass it a userid and password and let it
tell the caller whether or not it worked.

I think the strategy behind this needs to be reworked, and a new
function with different semantics provided instead of a function to
try to grab the password.

-- 
Jeff Trawick | trawickj@bellsouth.net | PGP public key at web site:
       http://www.geocities.com/SiliconValley/Park/9289/
             Born in Roswell... married an alien...

Mime
View raw message