[wplug] /etc/master.passwd Was: Re: SpamAssassin -- user_prefs
security hole?
Brandon Kuczenski
brandon at 301south.net
Wed May 26 18:22:49 EDT 2004
> > > /etc/master.passwd (the "shadow password" file) contains a field for defining
> > > which profile each user belongs to, so you can add different users to
> > > different resource limit profiles. If you don't define a profile, the system
> > > gives them the "default" profile, which (as you can see) is unlimited by
> > > default.
> >
> > /etc/shadow in redhat
>
> Correct me if I'm wrong, but I think /etc/master.passwd isn't exactly the
> same as /etc/shadow. At least one of the BSDs use a dbm database for the
> password file, and master.passwd is a plain-text version of the file where
> text changes can be made. A command needs to be run to rebuild the
> password database. If I remember right, it offers a few extra fields than
> /etc/passwd on a linux system does.
>
First of all, <sheepish>I did not finish my sentence -- I got distracted
and then sent the message without finishing it</sheepish> but anyway, i
was going to say that /etc/shadow in redhat has a field which contains the
encrypted password, as well as fields like the min and max time between
password changes, etc. But it doesn't have anything about resource
profiles.
So, yes, it seems like you are right.
One thing that I can't find doco for in the man pages is in /etc/shadow
the password field can also be either '!!' (for login disabled) or '*'
(for ?????????)
-Brandon
More information about the wplug
mailing list