An alternative solution would be to also return shadow information to non-root users but leave out the password hashes. This is what pynslcd in experimental currently does.
I *think* that is reasonable and don't see any security issues from exposing the other information from the shadow database. Comments welcome. The ACLs are a nice idea but I don't see them happening really soon unless someone steps up for this. -- -- arthur - [email protected] - http://people.debian.org/~adejong --
signature.asc
Description: This is a digitally signed message part

