Ken Raeburn a écrit :
> Aurelien Jarno wrote:
>> Wouldn't it be possible to also use Kerberos for shadow information, as
>> it is actually where the encrypted passwords are stored?
> Kerberos doesn't necessarily have the information in its database, and 
> the protocol provides no way to pass the information around.
>> Other nsswitch modules provide both interfaces, because there is
>> actually a shadow database. Hesiod does not provide a shadow database.
>> The only thing that can be done is to provide functions that will always
>> return an error. Not sure it is really useful.
> If that's the model -- that it's permissible for there not to be shadow 
> data -- then yes, the Hesiod code is okay and this is a pam bug...

It's permissible, but as said not really useful. That won't change the
value returned by getspnam(), which already return -1 when an entry is
not found. This returned value simply means that shadow entry exists for
the given name.

Aurelien Jarno                          GPG: 1024D/F1BCDB73       

To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact

Reply via email to