Solar Designer wrote: > > Hi, > > In recent Linux distributions, we have at least the following > packages that write to /etc/passwd: > > 1. pwdb (provides libpwdb, which is used by pam_pwdb). > 2. pam_unix (included with Linux-PAM). > 3. util-linux (provides chsh, chfn). > 4. shadow-utils (provides useradd and the like). > > Only #1 and #4 use compatible locking. > > All of these are found on at least RH 6.x. pam_unix isn't used by > default, but is often recommended on pam-list and apparently is > going to replace pam_pwdb in RH 7.x. > > Solutions? > 1. Move to a more consistent system. Bonus: consistent man pages. > 2. Patch util-linux, patch pam_unix. > 3. Patch util-linux, don't use pam_unix. > 4. Use the versions of chsh and chfn provided with shadow-utils > rather than ones provided with util-linux (any particular reason RH > prefers the util-linux versions?). Don't use pam_unix. I'm now loking to locking code in pam_unix (I tries to "reimplement" current pam_unix now, as I already said in pam-list). And this is exactly the question triggered when I tried to compare locking in different modules/utils... And I plan to "patch pam_unix" (one of your variants), i.e. to write is so it will be compatible with pam_pwdb and shadow_utils. But it should take some time for me to finish things, and also will be a lot of time while new code will (well, if it will be tried/considered at at all) be tested/accepted... BTW, RedHat already switched to pam_unix in beta7. Regards, Michael.
