Hi,
I just added a PC to my home network and was playing with
trying to access directories on my Mac OS X system and
suddenly my pop server quit working (qpopper). It had
been working fine for at least a year!
Not a single user could connect to the server via
telnet ( I can connect ok but sending the password
*always* fails).
I hopped into perl as root and tried:
macjerry:~ root# perl -de0
Loading DB routines from perl5db.pl version 1.28
Editor support available.
Enter h or `h h' for help, or `man perldebug' for more help.
main::(-e:1): 0
DB<1> print getpwnam "jerry"
jerry********501200Jerry LeVan/Users/jerry/bin/bash0
note the *'s where the password should be...I suspect this
is why qpopper is failing.
I think mucking around with enabling Mac OSX to allow
Windows Networking connections has mucked up how passwords
are handled.
I can still log on ok and the only thing that I have
found so far that is broken is the pop3 server I am
running.
How can I programmatically determine if user "x" has password
"z"?
A cursory exam of the qpopper code "seems" to indicate that
the getpw family of functions seem to be used.
I have spent the better part of the day trying to run down
how to do user authentication on Mac OS X (10.4.2) but I
have not made any headway....
Thanks for any pointers.
Jerry
Ken Williams - 28 Aug 2005 03:16 GMT
I think those are "shadow" passwords. The idea is that since lots of
passwords can be broken just by clever guessing, it's not usually a
good idea to store the hashed passwords (what used to be in your
/etc/passwd file) in a world-readable file (which /etc/passwd must be).
So those hashed passwords are stored in another place; on Linux that's
usually in /etc/shadow, but on OS X it's probably somewhere in the
NetInfo database.
I'm also guessing that your /etc/passwd file was in its pristine state
from a previous installation of OS X 10.2 or something, because I think
it's been using shadow mechanisms for a while now.
To get data from the NetInfo database, you can use the /usr/bin/niutil
command, though I don't specifically know how to query for passwords,
or even definitively that they're in there.
Sorry this message has so much guessing, but maybe it's a start....
-Ken
Christian Huldt - 28 Aug 2005 08:31 GMT
28 aug 2005 kl. 02.42 skrev Jerry LeVan:
> Hi,
>
> I just added a PC to my home network and was playing with
> trying to access directories on my Mac OS X system and
> suddenly my pop server quit working (qpopper). It had
> been working fine for at least a year!
There are some differences in password storage for users allowed to
connect by smb and others.
If the users can log in locally however, the problem is probably with
qpopper rather than system passwords, and I don't know how qpopper
does authentication...
> Not a single user could connect to the server via
> telnet ( I can connect ok but sending the password
[quoted text clipped - 15 lines]
> note the *'s where the password should be...I suspect this
> is why qpopper is failing.
That is just the way it is, you never show a password.
> I think mucking around with enabling Mac OSX to allow
> Windows Networking connections has mucked up how passwords
[quoted text clipped - 17 lines]
>
> Jerry
Christian Huldt
070 461 22 07
08 616 83 07
christian@solvare.se
Jerry LeVan - 28 Aug 2005 14:44 GMT
Hmmm,
After burying myself in Apple's documentation it appears
that the question:
Is "foo" the password for user "baz"?
can only be answered by digging into the Directory Services
framework. It does not appear to be a task for
the faint-hearted...
The NetInfo utility shows me that my authentication authority
is : ;ShadowHash;HASHLIST:<SALTED-SHA1>
I think mucking around with the SMB login stuff caused the
"traditional" unix style authentication to break.
It does not look like fixing qpopper is in the near future ;(
Jerry
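As an added illustration (not code from the thread or from Apple's CryptNoMore sample): the check "is foo the password of user baz?" against a ShadowHash record whose authentication authority advertises SALTED-SHA1, as in the message above. The record contents and the hash layout (4-byte salt followed by SHA-1(salt || password), hex-encoded) are assumptions made for this example.

```python
import hashlib
import hmac
import os
import re

# Constructed authentication_authority value in the form quoted in the
# thread: mechanism token first, available hash types in HASHLIST.
AUTH_AUTHORITY = ";ShadowHash;HASHLIST:<SALTED-SHA1>"

def parse_authority(value):
    """Return (mechanism, [hash types]) from an authentication_authority string."""
    parts = [p for p in value.split(";") if p]
    mechanism = parts[0] if parts else ""
    hashes = []
    for p in parts[1:]:
        if p.startswith("HASHLIST:"):
            hashes = re.findall(r"<([^>]+)>", p)
    return mechanism, hashes

# Assumed SALTED-SHA1 layout: 4-byte salt, then SHA-1(salt || password),
# both hex-encoded (48 hex characters in total).
SALT_LEN = 4

def make_salted_sha1(password, salt=None):
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.sha1(salt + password.encode("utf-8")).digest()
    return (salt + digest).hex().upper()

def check_salted_sha1(password, stored_hex):
    """Constant-time comparison so a wrong guess leaks nothing via timing."""
    if len(stored_hex) != 2 * (SALT_LEN + 20):
        return False
    raw = bytes.fromhex(stored_hex)
    salt, expected = raw[:SALT_LEN], raw[SALT_LEN:]
    actual = hashlib.sha1(salt + password.encode("utf-8")).digest()
    return hmac.compare_digest(actual, expected)

def is_password_for(user, password, records):
    """Answer the thread's question against an in-memory record store."""
    rec = records.get(user)
    if rec is None:
        return False
    mechanism, hashes = parse_authority(rec["authentication_authority"])
    if mechanism != "ShadowHash" or "SALTED-SHA1" not in hashes:
        return False  # no hash type we know how to verify
    return check_salted_sha1(password, rec["salted_sha1"])

# Constructed record: user "baz", password "foo", fixed salt for repeatability.
RECORDS = {"baz": {"authentication_authority": AUTH_AUTHORITY,
                   "salted_sha1": make_salted_sha1("foo", b"\x01\x02\x03\x04")}}
```

A POP daemon would read the real record through Directory Services rather than a dictionary; the verification step itself is the same.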
Jerry LeVan - 28 Aug 2005 19:28 GMT
For what it is worth the answer to the question below is
located here:
> I think that I somehow need to use the Directory Services
> to answer the question (programmatically) :
>
> Is "foo" the password of user "faz"?
<http://developer.apple.com/samplecode/CryptNoMore/CryptNoMore.html>
The program is about 600 lines of C code....
Jerry
Joel Rees - 28 Aug 2005 23:08 GMT
> The program is about 600 lines of C code....
That's not all that difficult.
I kind of wish you hadn't done that, but since I didn't warn you off
earlier, I guess I shouldn't complain.
The usual way to attack this sort of problem is to update the module
that has fallen behind and reset all the passwords by hand. Good OS
design intentionally puts roadblocks in the way of direct password
recovery.