On Aug 30, Jordyn A. Buchanan wrote
: On Sat, 30 Aug 1997, Heiko Schlittermann wrote:
:
: > But beware -- I just discovered that (at least on my linux system
: > (Debian GNU/Linux, using libc5) there are minor glitches, misfeatures or
: > whatever. If it hits you depends on your system and on your radiusd.
: > The radiusd I use (the one from cistron) is started
: > once and runs ``forever'' (unless I change the /etc/raddb/* files).
: > And it seems as if the shadow passwords are cached somewhere (libc?, not
: > (!) by the radiusd). Once the radiusd runs I can change user passwords
: > and the daemon doesn't get it.
:
: This is pretty strange, and definitely seems to be a function of the OS
: (although why, I have no idea!) rather than the radiusd process itself.
: We run cistron radiusd here without any such problems, and a cursory
: glance at the source code doesn't seem to indicate any sort of caching
: mechansim.
Yes, as I pointed out, it's definitvly _NOT_ the radiusd caching the
shadow passwords (but the deamon is caching in case of no-shadow
passwords:
in radiusd.c
/*
* Call getpwnam but cache the result.
*/
struct passwd *rad_getpwnam(char *name)
{
static struct passwd *lastpwd;
static char lastname[64];
if (strncmp(name, lastname, 64) == 0)
return lastpwd;
strncpy(lastname, name, 63);
lastname[63] = 0;
lastpwd = getpwnam(name);
return lastpwd;
}
But this function isn't called if you have shadow passwords. (Wrong,
the function is called, but then it's discovered that the encrypted
password is `x', and this triggers the shadow routines.) Since it's
unlikly (but possible) that you change from no-shadow to shadow (or vice
versa) while running the radiusd, this caching shouldn't do too much
harm here.
Heiko
-- email : heiko@lotte.sax.de heiko@debian.org heiko@sax.de pgp : A1 7D F6 7B 69 73 48 35 E1 DE 21 A7 A8 9A 77 92 finger: heiko@sax.sax.de heiko@master.debian.org--ewDGZ7tmp3eH4Qcq Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE----- Version: 2.6.3ia
iQCVAwUBNAlxU9BsuuHx3GhhAQFKwAP/UN+WwFf3KWnDmFohm7fXnDKeULoU9NBp lNTQ5qBj3eOKkJ4qK3H3EFRI6wOjviH+/SGlARueX73kYHyicrHFe2QsoYnjXaNX qO5wH2Go2IuPCnfRD5C6VAa5FyouJ+VEYxSYszxVMLYnmeb3NvdWHb/EOgA+cdE9 QAYh8o8heRI= =hL7V -----END PGP SIGNATURE-----
--ewDGZ7tmp3eH4Qcq--