and the password field in passwd is not 'x'.
* src/grpck.c: Warn if a group has an entry in group and gshadow,
and the password field in group is not 'x'.
+2009-05-09 Nicolas François <nicolas.francois@centraliens.net>
+
+ * src/pwck.c: Warn if an user has an entry in passwd and shadow,
+ and the password field in passwd is not 'x'.
+ * src/grpck.c: Warn if a group has an entry in group and gshadow,
+ and the password field in group is not 'x'.
+
2009-05-09 Nicolas François <nicolas.francois@centraliens.net>
* man/login.defs.d/ENCRYPT_METHOD.xml,
policy in a central place. The -c/--crypt-method, -e/--encrypted,
-m/--md5 and -s/--sha-rounds options are no more supported on PAM
enabled systems.
+- grpck
+ * Warn if a group has an entry in group and gshadow, and the password
+ field in group is not 'x'.
- login
* Do not trust the current utmp entry's ut_line to set PAM_TTY. This could
lead to DOS attacks.
* Change the passwords using PAM. This permits to define the password
policy in a central place. The -c/--crypt-method and -s/--sha-rounds
options are no more supported on PAM enabled systems.
+- pwck
+ * Warn if an user has an entry in passwd and shadow, and the password
+ field in passwd is not 'x'.
*** translation
- Updated Czech translation
compare_members_lists (grp->gr_name,
grp->gr_mem, sgr->sg_mem,
grp_file, sgr_file);
+
+ /* The group entry has a gshadow counterpart.
+ * Make sure no passwords are in group.
+ */
+ if (strcmp (grp->gr_passwd, SHADOW_PASSWD_STRING) != 0) {
+ printf (_("group %s has an entry in %s, but its password field in %s is not set to 'x'\n"),
+ grp->gr_name, sgr_file, grp_file);
+ *errors += 1;
+ }
}
}
#endif
exit (E_CANTUPDATE);
}
}
+ } else {
+ /* The passwd entry has a shadow counterpart.
+ * Make sure no passwords are in passwd.
+ */
+ if (strcmp (pwd->pw_passwd, SHADOW_PASSWD_STRING) != 0) {
+ printf (_("user %s has an entry in %s, but its password field in %s is not set to 'x'\n"),
+ pwd->pw_name, spw_file, pwd_file);
+ *errors += 1;
+ }
}
}
}
projects / shadow / commitdiff