On Thu, Oct 19, 2000 at 02:21:09PM -0400, Nalin Dahyabhai wrote:
> On Thu, Oct 19, 2000 at 10:57:56AM -0400, Joseph S D Yao wrote:
> > These "extensions" date back to the late 1970's and PWB Unix 1.0. They
> > relate to password aging. The passwords use regular crypt(). If your
> > getpw*() functions don't terminate at the comma, then you can either use
> > strncmp() or replace the commas with NULs in-line [but beware of any
> > other problems that may cause].
>
> Since originally looking at it, I've noticed that it's easier to use
> strncmp() than attempting to terminate the string in the right place.

IMHO, that should work just fine. You are dealing with a fixed-length
field, here. As long as you are only using it for the one style of
passwd entries.

> Do you have any pointers to online sources of documentation for what
> these fields are used for?

Oh, gee. Let's see. HP-UX is a good source for System V-compliant
information. In passwd(4) it says here:

"The encrypted password consists of 13 characters chosen from a
64-character set of "digits" described below, except when the password
is null, in which case the encrypted password is also null. Login can
be prevented by entering in the password field a character that is not
part of the set of digits (such as *).

The characters used to represent "digits" are . for 0, / for 1, 0
through 9 for 2 through 11, A through Z for 12 through 37, and a
through z for 38 through 63.

Password aging is put in effect for a particular user if his encrypted
password in the password file is followed by a comma and a nonnull
string of characters from the above alphabet. (Such a string must be
introduced in the first instance by a superuser.) This string defines
the "age" needed to implement password aging.

The first character of the age, M, denotes the maximum number of weeks
for which a password is valid. A user who attempts to login after his
password has expired is forced to supply a new one. The next
character, m, denotes the minimum period in weeks that must expire
before the password can be changed. The remaining characters define
the week (counted from the beginning of 1970) when the password was
last changed (a null string is equivalent to zero). M and m have
numerical values in the range 0 through 63 that correspond to the
64-character set of "digits" shown above. If m = M = 0 (derived from
the string . or ..), the user is forced to change his password next
time he logs in (and the "age" disappears from his entry in the
password file). If m > M (signified, for example, by the string ./),
then only a superuser (not the user) can change the password. Not
allowing the user to ever change the password is discouraged,
especially on a trusted system.
..."

Solaris is sometimes also a good source for System V-compliant
information, but the above should suffice. Note that Linux shadow(5)
describes what appears to me a more flexible version of same.

--
/*********************************************************************\
**
** Joe Yao jsdy@tux.org - Joseph S. D. Yao
**
\*********************************************************************/
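
The field layout quoted above from passwd(4), as an added C example that is not part of the original message: it splits a "hash[,age]" password field, decodes M, m and the last-changed week, and compares only the 13-character hash with strncmp(). The function names, the 6-character bound on the age string and the sample values in the comments are constructed for illustration; the least-significant-digit-first order of the week digits follows a64l() and is an assumption, since the quoted text does not state it.

```c
#include <string.h>

#define HASH_LEN 13 /* traditional crypt() output length, per passwd(4) */
struct pw_age { int has_age, max_weeks, min_weeks; long last_changed; };

/* One "digit": . = 0, / = 1, 0-9 = 2..11, A-Z = 12..37, a-z = 38..63. */
static int digit64(char c)
{
    if (c == '.') return 0;
    if (c == '/') return 1;
    if (c >= '0' && c <= '9') return c - '0' + 2;
    if (c >= 'A' && c <= 'Z') return c - 'A' + 12;
    if (c >= 'a' && c <= 'z') return c - 'a' + 38;
    return -1;
}

/* Split "hash[,age]" and decode the age. Returns 0, or -1 if malformed. */
int parse_pw_field(const char *field, struct pw_age *out)
{
    const char *age = strchr(field, ',');
    size_t hlen = age ? (size_t)(age - field) : strlen(field);
    long scale = 1;
    int d;

    memset(out, 0, sizeof *out);
    if (hlen != HASH_LEN && hlen != 0) return -1;     /* other entry styles */
    if (!age) return 0;                               /* no aging on this entry */
    if (*++age == '\0' || strlen(age) > 6) return -1; /* 6: this example's bound */
    out->has_age = 1;
    if ((d = digit64(age[0])) < 0) return -1;
    out->max_weeks = d;                               /* M */
    if (age[1] == '\0') return 0;                     /* "." alone: m, week = 0 */
    if ((d = digit64(age[1])) < 0) return -1;
    out->min_weeks = d;                               /* m */
    for (age += 2; *age; age++, scale *= 64) {        /* assumed a64l() order */
        if ((d = digit64(*age)) < 0) return -1;
        out->last_changed += d * scale;
    }
    return 0;
}

/* Compare only the fixed-length hash, ignoring any ",age" suffix. */
int hash_matches(const char *field, const char *computed)
{
    return strlen(computed) == HASH_LEN && !strncmp(field, computed, HASH_LEN);
}
int must_change_now(const struct pw_age *a) { return a->has_age && !a->max_weeks && !a->min_weeks; }
int only_root_may_change(const struct pw_age *a) { return a->has_age && a->min_weeks > a->max_weeks; }
```

Entries in any other style, such as a lone * used to prevent login, are rejected by the parser and need separate handling by the caller.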