tcsh and shadow passwords

To: Debian Development <debian-devel@lists.debian.org>
Cc: Luis Francisco Gonzalez <luisgh@aguere.demon.co.uk>
Subject: tcsh and shadow passwords
From: Luis Francisco Gonzalez <luisgh@aguere.demon.co.uk>
Date: Thu, 8 Jul 1999 19:55:21 +0100
Message-id: <[🔎] 19990708195521.G15232@aguere.demon.co.uk>
Mail-followup-to: Debian Development <debian-devel@lists.debian.org>

[Please CC me any responses as I am currently not subscribed to debian-devel
as my link's bandwidth is rather limited]

Hi,
there was a recent bug report (Bug #40584) about tcsh and the autolock and
autologout features. I have found that the problem is that auto_lock in
tc.func.c is actually calling getspnam and failing to read the password:

    if ((pw = getpwuid(euid)) != NULL &&        /* effective user passwd  */
        (spw = getspnam(pw->pw_name)) != NULL)  /* shadowed passwd        */
        srpp = spw->sp_pwdp;                                                    

Now, this means that auto_lock immediately turns into auto_logout. I am
puzzled as to what I should do. I don't have much experience with shadow so
the question is, is it possible to have tcsh read the shadow file without
it being a security risk?

Thanks,
Luis
-- 
Luis Francisco Gonzalez <luisgh@debian.org>
PGP Fingerprint = F8 B1 13 DE 22 22 94 A1  14 BE 95 8E 49 39 78 76

Reply to:

Follow-Ups:
- Re: tcsh and shadow passwords
  - From: Torsten Landschoff <t.landschoff@gmx.net>

Prev by Date: Another Debian based distribution
Next by Date: Re: BTS web pages have high latency (was Re: "Texinfo has a file conflict with tetex-base!")
Previous by thread: Re: Another Debian based distribution
Next by thread: Re: tcsh and shadow passwords
Index(es):
- Date
- Thread