Re: Shadow Passwords
Miquel van Smoorenburg (miquels@cistron.nl)
31 Aug 1997 19:17:28 +0200
In article <Pine.LNX.3.95.970831114846.600v-100000@inorganic5.fdt.net>,
Jon Lewis <jlewis@inorganic5.fdt.net> wrote:
>On Sun, 31 Aug 1997, Heiko Schlittermann wrote:
>
>> /*
>> * Call getpwnam but cache the result.
>> */
>> struct passwd *rad_getpwnam(char *name)
>> {
>> static struct passwd *lastpwd;
>> static char lastname[64];
>>
>> if (strncmp(name, lastname, 64) == 0)
>>
>> But this function isn't called if you have shadow passwords. (Wrong,
>
>I looked at this briefly last night too. This function only caches 1
>password struct...so the only way I could see it being a problem would be
>if a new user tried to dial in before the account was open. Then that
>user keeps trying to get in while nobody else it authenticating. The
>cached null struct might keep him from getting in until someone else has
>tried to login.
>
>Is there really much point in caching 1 passwd entry?
Well, the code in the radiusd calls getpwnam potentially more then one time
for the same username. It makes sense to cache this, and I took the
easy way out by using rad_getpwnam in all places I'd normally use getpwnam.
But I'll fix it so that there's a timeout of five seconds on it.
Mike.
--
| Miquel van Smoorenburg | |
| miquels@cistron.nl | Owners of digital watches, your days are numbered. |
| PGP fingerprint: FE 66 52 4F CD 59 A5 36 7F 39 8B 20 F1 D6 74 02 |