[54] in linux-security and linux-alert archive
Re: Sh*dow Passwords?
daemon@ATHENA.MIT.EDU (Joseph S. D. Yao)
Tue Mar 7 20:03:12 1995
Date: Tue, 7 Mar 1995 18:16:43 -0500
From: "Joseph S. D. Yao" <jsdy@cais.cais.com>
To: linux-security@tarsier.cv.nrao.edu
Reply-To: linux-security@tarsier.cv.nrao.edu
Marek Michalkiewicz <ind43@ci3ux.ci.pwr.wroc.pl> wrote:
> > . Rewrite the shadow suite from scratch, ...
> I think I might volunteer to help with this. I have spent quite some time
> reading the source of shadow suite and fixing some bugs... (These fixes
> are not released yet, please be patient.)
Problem: if you have worked extensively with the source code, and it is
under legal protection, then it is possible for the author of the
original code to claim that your code is a "derivative work." This is
the argument AT&T was using against Berkeley, which is why some of us
walked around for a while wearing buttons that said [something like]
"My mind has been contaminated." (My button's off in a box somewhere.)
> Just a thought: to stop the whole mess with separate shadow/non-shadow
> binaries, we could do this: make them all shadow-aware, but if there is
> no shadow password, use the non-shadow one instead. Something like this:
It should've been done that way to begin with, in the shadow routines.
Joe Yao jsdy@cais.com - Joseph S. D. Yao
