
Conference turris::digital_unix

Title:DIGITAL UNIX(FORMERLY KNOWN AS DEC OSF/1)
Notice:Welcome to the Digital UNIX Conference
Moderator:SMURF::DENHAM
Created:Thu Mar 16 1995
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:10068
Total number of notes:35879

8579.0. "how to update passwd from C program (Enhanced Security + NIS)?" by DOOSJE::HERTA (For something fulfilled this hour, loved, or endured) Fri Jan 24 1997 10:54

Customer is running Digital UNIX V3.2G + enhanced security + NIS on an ASE V1.3
cluster.  According to the documentation, if a user wants to change his 
password in such a configuration, he should do so using the "passwd" command.

When logging in, the users are dropped directly into an application from which 
they do not have shell access.  We want to create a menu option in the 
application which allows the user to modify both his application and UNIX 
passwords.

What system function should we use in the program?  I checked the getprpwent 
series and the yppasswd man pages, but they do not seem to update the correct 
files.

Herta
8579.1. by GERUND::WOLFE (I'm going to huff, and puff, and blow your house down) Fri Jan 24 1997 13:42 (15 lines)
I'm not a security expert but I think you need to use sia_chg_passwd 
function. See the Digital UNIX Security docs for more information. 
The put/get style interfaces are at a lower level. You 
would have to generate the encrypted password and then call these routines. 
That can be tricky in C2 cause there are multiple encryption algorithms
to choose from (i.e. you'd have to use the same one that the user's
account was configured to use).  

If your application is a GUI, you might be able to 
fork off /usr/tcb/bin/dxchpwd. This is a GUI interface for a user to 
change his password. Note that there is a bad bug in this GUI on V4.0
systems so you'd need a patch in order to use it. This would not 
let you set an application-specific password, however. 

		Pete
8579.2. by SMURF::FENSTER (Yaacov Fenster - System Engineering, Troubleshooting and other m) Fri Jan 24 1997 14:01 (8 lines)
                     <<< Note 8579.0 by DOOSJE::HERTA "For something fulfilled this hour, loved, or endured" >>>
                                -< how to update passwd from C program (Enhanced Security + NIS)? >-

    Take a look at 582.2. Mulp posted a permutation of one of my programs
    that contains among other things the code that you need. If it isn't
    enough, I should have a later version lying around someplace.
    
    	Yaacov
8579.3. "need more info" by DOOSJE::HERTA (For something fulfilled this hour, loved, or endured) Mon Jan 27 1997 06:44 (27 lines)
Re:.1 - Pete Wolfe
> I'm not a security expert but I think you need to use sia_chg_passwd 
I'm not an expert either, but from the documentation, it looks like sia*
only works on the traditional UNIX /etc/passwd file.  

> That can be tricky in C2 cause there are multiple encryption algorithms
> to choose from (i.e. you'd have to use the same one that the user's
> account was configured to use).
What is the default algorithm when you set up enhanced security?  Or do we need 
to know it?  While most of the users will be dropped directly into the 
application, we will have some with shell access.  Potentially, these users
will change their password both from shell and from the application change-
password module.

> If your application is a GUI, you might be able to 
Nope.  It's character-cell interface.  We might call out to /usr/bin/passwd, but
I was hoping for a cleaner program.

Re:.2 - Yaacov Fenster 
> Take a look at 582.2.
I took a look at the program, and while it could be very helpful in writing 
our own, it leaves me with the problem mentioned above, i.e., what is the default 
"salt" value used by enhanced security?

Thanks for both answers so far.

Herta
8579.4. by GERUND::WOLFE (I'm going to huff, and puff, and blow your house down) Mon Jan 27 1997 12:03 (25 lines)
>I'm not an expert either, but from the documentation, it looks like sia*
>only works on the traditional UNIX /etc/passwd file.  

No, the sia interface is designed to work with all the security interfaces
on the system - it's the lowest level api that the upper security layers
are built on (base, C2, DCE, etc). 

>What is the default algorithm when you set up enhanced security?  
Not sure but I think it's BigCrypt. 

>Or do we need to know it?  
A program that sets the user's encrypted passwd needs to know. 

>our own, it leaves me with the problem mentioned above, i.e., what is the default 
>"salt" value used by enhanced security?

That program is simply creating new accounts and setting the initial password
using crypt. Do a man 3 crypt to see what the salt characters are. 

I still think you want to be using the sia_chg_password routine... I am 
also hoping that the real security types will jump in at this point :-)

			Pete


8579.5. "Use sia_chg_password()" by NETRIX::"[email protected]" (Ann Majeske) Wed Jan 29 1997 17:21 (11 lines)
To write a program that changes a user's password for Enhanced Security, the 
easiest thing to do is to use sia_chg_password(3).  sia_chg_password will 
work with either Enhanced Security or Base Security and it will also work 
over NIS.  sia_chg_password should do the whole thing, prompting for
old and new password, encrypting the new password, and storing it in the
proper database.  You should be able to use sia_collect_trm(3) as the 
collection routine, or you can code your own collection routine using 
sia_collect_trm as a template.

You could also just exec /usr/bin/passwd. 
[Posted by WWW Notes gateway]
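
The "exec /usr/bin/passwd" option from 8579.5, as an added example that is not part of the thread and not Digital UNIX code: a menu handler for the no-shell-access application in 8579.0 that runs passwd directly, with no shell in between and a fixed environment. The names `run_trusted` and `change_unix_password` are hypothetical; only the path /usr/bin/passwd comes from the notes above.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed, minimal environment: nothing is inherited from the captive session. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

/*
 * Run an absolute-path program directly with execve(): no /bin/sh is
 * involved, so nothing typed into the menu is ever parsed as shell syntax.
 * Returns the child's exit status, 127 if the exec failed, or -1 on a
 * relative path, fork/wait failure, or death by signal.
 */
int run_trusted(const char *path, char *const argv[])
{
    pid_t pid;
    int status;

    if (path == NULL || path[0] != '/')
        return -1;                  /* refuse anything needing a PATH lookup */

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, clean_env);
        _exit(127);                 /* only reached if execve failed */
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)         /* retry if interrupted by a signal */
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Menu handler: passwd itself prompts on the terminal for the passwords. */
int change_unix_password(void)
{
    char *const argv[] = { "passwd", NULL };
    return run_trusted("/usr/bin/passwd", argv);
}

int main(void)
{
    int rc = change_unix_password();
    if (rc != 0)
        fprintf(stderr, "password change failed (status %d)\n", rc);
    return rc == 0 ? 0 : 1;
}
```

The application should treat any non-zero return as "password unchanged" and return to its menu rather than exiting, so a failed change never drops the user out of the captive session.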