> And as noted, you do need root to run the program. But if you
> are root you don't really need it. A simple Perl script or even
> simpler shell script will do. Normally the /tcb/files/ tree is owned
> by auth.auth and not world readable. But, um, if you're root all bets
> are off anyway.

You don't actually need the passwords. The one thing that a lot of people miss with Digital UNIX is that when you use Enhanced Security in conjunction with NIS, the entire "protected" password subsystem is available as the NIS map prpasswd. This contains, amongst other things, the password hash value. Then your perl or sh script can just harvest these trivially.

Why you want to run a C2 secure system and then use NIS is beyond me, but at least it gives you nifty password controls...

The one thing that CAN cause problems is that Digital UNIX can use nonstandard hash algorithms (bigcrypt(), crypt16() and C1crypt()) as well as the normal crypt(). Not only does this make coding slightly complicated (as you have to get the correct hash algorithm), but when a password is created within an Enhanced Security environment that is over eight characters in length, another password round is created AFTER the original to contain the rest of the password. This doesn't make things impossible, just difficult - Digital kindly provide a set of system calls to do most of this for you.

-jon.

--
Jon Morgan <jmorganat_private>
Speaking for myself.
nihil illegitemi carborvndvm
____________________
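An added audit sketch, not part of the original message: it checks both exposures discussed above, that the protected password tree is owned as expected with no access for "other", and that no prpasswd map is being served over NIS. Assumptions: the tree path, owner and group are supplied by the caller (the defaults are the values quoted above), the map list is in the `mapname server` format printed by `ypwhich -m`, and the `--run` switch is this script's own.

```shell
#!/bin/sh
# Added example: audit for the two exposures discussed in this thread.
# Assumptions: caller passes the tree, owner and group; the map name
# "prpasswd" is taken from the message; input format is `ypwhich -m`.

# Print every entry under DIR that is not owned by OWNER:GROUP or that
# grants any read/write/execute bit to "other".
audit_tcb_tree() {
    dir=$1 owner=$2 group=$3
    find "$dir" \( ! -user "$owner" -o ! -group "$group" \
        -o -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Read "mapname server" lines on stdin; exit 0 if any map name starts
# with "prpasswd", i.e. the protected password data is visible via NIS.
nis_serves_prpasswd() {
    awk '$1 ~ /^prpasswd/ { found = 1 } END { exit !found }'
}

# Run the audit only when asked to, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    audit_tcb_tree "${2:-/tcb/files}" "${3:-auth}" "${4:-auth}"
    if command -v ypwhich >/dev/null 2>&1 &&
       ypwhich -m 2>/dev/null | nis_serves_prpasswd; then
        echo "NIS: a prpasswd map is served to this domain"
    fi
fi
```

Any path printed by the tree check, or a positive NIS result, means the hashes are readable by more than root and the auth account.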
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:34 PDT