An alternative solution would be to also return shadow information to
non-root users but leave out the password hashes. This is what pynslcd
in experimental currently does.

I *think* that is reasonable and don't see any security issues from
exposing the other information from the shadow database.

Comments welcome.

The ACLs are a nice idea but I don't see them happening really soon
unless someone steps up for this.

-- 
-- arthur - [email protected] - http://people.debian.org/~adejong --

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to