Answering to my own post... :) Thorsten answered on most questions here. "Michael Ju. Tokarev" wrote: > [] > (BTW, is nis that useful for storing > passwords so that even this compatibility should be concerned? It is > very insecure for this purpose, at least with current linux > implementation -- > passwords (well, shadow entries in crypted form) are walked in > network...) Forget about this. It is nis+, not nis. [] > currently does! BTW, maybe this should be a nis client implementation > issue -- to deal with uids -- not the pam_unix (pam_nis) one? > Can we simple remove that setreuid() fragments from pam_unix?? > And let the library to set/reset uids if available/needed? > If so, the only thing that pam_unix should know about value of pw_passwd > field is if shadow entry present (or should be) or not (i.e. if it's > value > is "x" or not)... > Can Steve comment on this please? And this also. It was nis+, not nis. And this was ok -- nis+ requires that you have your own uid to see your password. Regards, Michael.
