Filewatcher File Search
FTP Search
  
Directory 
  
Content Search 
   
pkg://C-Linux-HOWTOs-html.tar.gz:1591252/Shadow-Password-HOWTO-html.tar.gz  downloads

Shadow-Password-HOWTO-1.html0100644000014400001440000000474607110535716015415 0ustar  cwhuangusers<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=big5">
 <META NAME="GENERATOR" CONTENT="ZH-SGML-Tools 1.0.9">
 <TITLE>¦p¦ó¨ú±o¡A¦w¸Ë¡A³]©w shadow ±K½X: ²¤¶</TITLE>
 <LINK HREF="Shadow-Password-HOWTO-2.html" REL=next>

 <LINK HREF="Shadow-Password-HOWTO.html#toc1" REL=contents>
</HEAD>
<BODY>
<A HREF="Shadow-Password-HOWTO-2.html">Next</A>
Previous
<A HREF="Shadow-Password-HOWTO.html#toc1">Contents</A>
<HR>
<H2><A NAME="s1">1. ²¤¶</A></H2>

<P>³o½g¤å³¹¬° Linux Shadow-Password-HOWTO¡C  ¥D­n¬O¦b´y­z¬°¦ó¤Î¦p¦ó©ó Linux ¨t²Î¥[¤J
shadow ±K½X¤ä´©¡C ¨ä¥ç¥]¬A¦p¦ó¨Ï¥Î <EM>Shadow Suite's</EM> ¬Y¨Ç½d¨Ò¡C
<P>·í¶i¦æ <EM>Shadow Suite</EM> ¦w¸Ë¤Î¨Ï¥Î³\¦hªº utility µ{¦¡®É¡E§A¥²¶·¥H <EM>root</EM> 
Åv­­Ã±¤J¡C ¥B¶i¦æ <EM>Shadow Suite</EM> ¦w¸Ë®É¡A¨t²Î³nÅé±N³Q§ïÅÜ¡A¦]¦¹±j¯Pªº«Øij
±z·Ó»¡©úÀɳƤÀµ{¦¡¡C¦b¦¹±j½Õ¦b±z¶}©l§@·~«e»Ý¥ý¾\Ū¤Î¤F¸Ñ©Ò¦³ªº»¡©ú®Ñ¡C
<P>
<H2><A NAME="ss1.1">1.1 §ó§ï¤W¤@ª©¥»³¡¤À</A>
</H2>

<P>
<PRE>
·s¼W¡G
        ·s¼W¤@­Ó¤l¸`¡G¬°¦ó±z¤£­n¦w¸Ë shadow 
        ·s¼W¤@­Ó¤l¸`¡G­×§ï xdm µ{¦¡
        ·s¼W¤@¸`¡G¬°¦ó±z¤£­n¦w¸Ë shadow 
        ·s¼W¤@¸`¡G¦p¦ó©ó¥¼¨Ó¹B§@ Shadow Suite 
        ·s¼W¤@¸`¡G±`°Ý°ÝÃD¤Îµª®×
        

§ó¥¿/­×§ï¡G
        §ó¥¿¦b Sunsite ªº html °Ñ¦Ò¸ê®Æ
        §ó¥¿¦b wu-ftp ¸`¦b Makefile ·s¼W -lshadow
        §ó¥¿¸û¤£ÄY­««÷­µ©M±¹µü¿ù»~
        §ó§ï wu-ftp ¸`¥Î¥H¤ä´© ELF
        ­×§ï¦b¤£¦Pñ¤J(login)µ{¦¡¦w¥þ°ÝÃD 
        ­×§ï Linux Shadow Suite «Øij¬° Marek Michalkiewicz
        
</PRE>
<P>
<H2><A NAME="ss1.2">1.2 ·sª©¤å¥ó</A>
</H2>

<P>±z¥i§Q¥Î°Î¦WÀɶi¤J¸Ó FTP ¯¸¤U¸ü³Ì·sª©¤å¥ó¡G
<B>sunsite.unc.edu</B>
<PRE>
/pub/Linux/docs/HOWTO/Shadow-Password-HOWTO
</PRE>

or:
<PRE>
/pub/Linux/docs/HOWTO/other-formats/Shadow-Password-HOWTO{-html.tar,ps,dvi}.gz
</PRE>
<P>©Î³z¹Lºô¯¸¡G
<A HREF="http://sunsite.unc.edu/mdw/linux.html">Linux Documentation Project Web Server</A>¡Aºô­¶¡G
<A HREF="http://sunsite.unc.edu/linux/HOWTO/Shadow-Password-HOWTO.html">Shadow-Password-HOWTO</A>
©Î»P§ÚÁpµ¸¡G <CODE>&lt;mhjack@tscnet.com></CODE>. ¥ç¥i³z¹L·s»D¸s²Õ±i¶K¡G
<CODE>comp.os.linux.answers</CODE>
<P>³o¨Ç¤å¥ó²{¦b¤w¸g¥]©ó Shadow-YYDDMM ®M¥ó¤¤¡C
<P>
<H2><A NAME="ss1.3">1.3 ¦^ÂÐ</A>
</H2>

<P>½Ð±N¥ô¦óµû»y¡B­×§ï©Î«Øij±H¦Ü¡G
<A HREF="mailto:mhjack@tscnet.com">Michael H. Jackson &lt;mhjack@tscnet.com></A>  §Ú·|ºÉ§Ö¦^ÂШç󥿸Ӥå¥ó¡C
¦pªG§Aµo²{¥ô¦ó°ÝÃD¡A½Ðª½±µ email µ¹§Ú¡A§Ú·|±N¦¹³Ì·s§Þ³N±i¶K©ó·s»D¸s²Õ¡C
<P>
<HR>
<A HREF="Shadow-Password-HOWTO-2.html">Next</A>
Previous
<A HREF="Shadow-Password-HOWTO.html#toc1">Contents</A>
</BODY>
</HTML>
Shadow-Password-HOWTO-10.html0100644000014400001440000000352607110535716015470 0ustar  cwhuangusers<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=big5">
 <META NAME="GENERATOR" CONTENT="ZH-SGML-Tools 1.0.9">
 <TITLE>¦p¦ó¨ú±o¡A¦w¸Ë¡A³]©w shadow ±K½X: ª©ÅvÁn©ú(¼È¤£Â½Ä¶)</TITLE>
 <LINK HREF="Shadow-Password-HOWTO-11.html" REL=next>
 <LINK HREF="Shadow-Password-HOWTO-9.html" REL=previous>
 <LINK HREF="Shadow-Password-HOWTO.html#toc10" REL=contents>
</HEAD>
<BODY>
<A HREF="Shadow-Password-HOWTO-11.html">Next</A>
<A HREF="Shadow-Password-HOWTO-9.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc10">Contents</A>
<HR>
<H2><A NAME="s10">10. ª©ÅvÁn©ú(¼È¤£Â½Ä¶)</A></H2>

<P>The Linux Shadow Password HOWTO is Copyright (c) 1996 Michael H. Jackson.
<P>Permission is granted to make and distribute verbatim copies of
this document provided the copyright notice and this permission notice
are preserved on all copies.
<P>Permission is granted to copy and distribute modified versions of this
document under the conditions for verbatim copies above, provided a notice
clearly stating that the document is a modified version is also included in
the modified document.
<P>Permission is granted to copy and distribute translations of this document
into another language, under the conditions specified above for modified
versions.
<P>Permission is granted to convert this document into another media under
the conditions specified above for modified versions provided the requirement
to acknowledge the source document is fulfilled by inclusion of an obvious
reference to the source document in the new media. Where there is any
doubt as to what defines 'obvious' the copyright owner reserves the right
to decide.
<P>
<HR>
<A HREF="Shadow-Password-HOWTO-11.html">Next</A>
<A HREF="Shadow-Password-HOWTO-9.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc10">Contents</A>
</BODY>
</HTML>
Shadow-Password-HOWTO-11.html0100644000014400001440000000264507110535716015472 0ustar  cwhuangusers<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=big5">
 <META NAME="GENERATOR" CONTENT="ZH-SGML-Tools 1.0.9">
 <TITLE>¦p¦ó¨ú±o¡A¦w¸Ë¡A³]©w shadow ±K½X: Miscellaneous and Acknowledgments.</TITLE>
 <LINK HREF="Shadow-Password-HOWTO-10.html" REL=previous>
 <LINK HREF="Shadow-Password-HOWTO.html#toc11" REL=contents>
</HEAD>
<BODY>
Next
<A HREF="Shadow-Password-HOWTO-10.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc11">Contents</A>
<HR>
<H2><A NAME="s11">11. Miscellaneous and Acknowledgments.</A></H2>

<P>The code examples for <CODE>auth.c</CODE> are taken from pppd-1.2.1d and
ppp-2.1.0e, Copyright (c) 1993 and The Australian National University and
Copyright (c) 1989 Carnegie Mellon University.
<P>Thanks to Marek Michalkiewicz &lt;marekm@i17linuxb.ists.pwr.wroc.pl> for
writing and maintaining the <EM>Shadow Suite</EM> for Linux, and for his
review and comments on this document.
<P>Thanks to Ron Tidd &lt;rtidd@tscnet.com> for his helpful review and testing.
<P>Thanks to everyone who has sent me feedback to help improve this document.
<P>Please, if you have any comments or suggestions then mail them to me.
<P>regards
<P>
<A HREF="mailto:mhjack@tscnet.com">Michael H. Jackson &lt;mhjack@tscnet.com></A><P>
<HR>
Next
<A HREF="Shadow-Password-HOWTO-10.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc11">Contents</A>
</BODY>
</HTML>
Shadow-Password-HOWTO-2.html0100644000014400001440000002453507110535716015414 0ustar  cwhuangusers<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=big5">
 <META NAME="GENERATOR" CONTENT="ZH-SGML-Tools 1.0.9">
 <TITLE>¦p¦ó¨ú±o¡A¦w¸Ë¡A³]©w shadow ±K½X: ¬°¦ó shadow §Aªº passwd ÀÉ?</TITLE>
 <LINK HREF="Shadow-Password-HOWTO-3.html" REL=next>
 <LINK HREF="Shadow-Password-HOWTO-1.html" REL=previous>
 <LINK HREF="Shadow-Password-HOWTO.html#toc2" REL=contents>
</HEAD>
<BODY>
<A HREF="Shadow-Password-HOWTO-3.html">Next</A>
<A HREF="Shadow-Password-HOWTO-1.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc2">Contents</A>
<HR>
<H2><A NAME="s2">2. ¬°¦ó shadow §Aªº passwd ÀÉ?</A></H2>

<P>¤j³¡¤À¥Ø«e Linux µo¦æª©¥»¹w³]­È¨Ã¥¼¥]§t<EM>Shadow Suite</EM> ¦w¸Ë¡C
³o¨Çª©¥»¥]¬A Slackware 2.3, Slackware 3.0 ©M¨ä¥L¨üÅwªïªºµo¦æª©¥»¡C
¥D­n­ì¦]¤§¤@¬O¦b­ì©l<EM>Shadow Suite</EM>ª©ÅvÁn©ú¤¤¨Ã¥¼«Ü²M·¡ªº´y­z¸Ó³nÅé¬O
§_»Ý¨Ï¥ÎªÌ¥I¶O¡C Linux ¨Ï¥Î GNU ª©Åv³q±`¤¹Äò¨Ï¥ÎªÌ¥i§K¶O¥B¥ô·N¨Ï¥Î¬ÛÃö®M¥ó¡C
<P>
<P><EM>Shadow Suite</EM>²{¦bºûÅ@¤H­û
<A HREF="mailto:marekm@i17linuxb.ists.pwr.wroc.pl">Marek Michalkiewicz &lt;marekm@i17linuxb.ists.pwr.wroc.pl></A> 
¤w¸g¥i¥H±q¦b BSD ¼Ë¦¡¤¹»Ý¦A¨Ï¥Îª©Åv¤§­ì©l§@ªÌ¨º±µ¦¬­ì©l½X¡C ¥Ø«eª©Åvµo¦æ¤w
¸Ñ¨M¡A¦]¦¹¥i¥H¹w´Á¦b¥¼¨Óª©¥»¤§¹w³]­È±N¥]¬A password shadowing¡C §Y¨Ï¦p¦¹¡A
§A¤´»Ý­n¦Û¦æ¦w¸Ë¡C
<P>
<P>¦pªG§Aªºª©¥»¬O±q CD-ROM ¦w¸Ë¡C§A¥i¯àµo²{§Y¨Ï¥Ø«eª©¥»¨Ã¥¼¦³<EM>Shadow Suite</EM> 
¦w¸Ë¡A¦ý§A¤´µM¥i¥H¦b¸Ó¤ù CD-ROM §ä¨ì§A»Ý­n¦w¸Ëªº<EM>Shadow Suite</EM>¡C
<P>
<P><EM>µM¦Ó¡A©Ò¦³Shadow Suite 3.3.1, 3.3.1-2 ª©¥»©M shadow-mk ¦ñÀHñ¤J(login)µ{¦¡©M
¨ä¥L<EM>suid root</EM>µ{¦¡§¡¦³¦w¥þ¤W°ÝÃD¡A¦]¦¹¤£À³¸Ó¨Ï¥Î¤Ó¤[¡C</EM>
<P>
<P>©Ò¦³¥²­nÀɮק¡¥i¥H³z¹L°Î¦W FTP ¯¸©Îºô¯¸§ä¨ì¡C
<P>¦b¨S¦³¦w¸Ë<EM>Shadow Suite</EM>ªº Linux ¨t²Î¡A¥]¬A±K½Xªº±b¸¹¨Ï¥ÎªÌ¸ê°T³q±`Àx¦s¦b 
<CODE>/etc/passwd</CODE> ÀÉ¡C
Àx¦sªº±K½X¬° <EM>¥[±K(encrypted)</EM>®æ¦¡¡C  µM¦Ó¡A¦pªG§A°Ý¤@­Ó±K½X±M®a¡A¥L/¦o±N
§i¶D§A¯u¥¿ªº±K½XÀÉ¥u¬O<EM>½s½X(encoded)</EM>¦Ó¤£¬O<EM>¥[±K</EM>®æ¦¡¡A¦]¬°·í¨Ï¥Î 
crypt(3) ®É¡A¤å¦rÀÉ­¿³]¬° null ¥B±K½X¬OÁä­È(key)¡C ¦]¦¹¡A±µ¤U¨Ó§Ú±N¦b³o½g¤å¥ó¤¤¨Ï¥Î
<EM>½s½X</EM>¡C
<P>
<P>¨Ï¥Î¦b±K½XÄæ¦ì½s½Xªººtºâªk©ó§Þ³N¤W¬O¨Ï¥Î<EM>one way hash function</EM>¡C³o¬O¤@­Ó
¦b³æ¤@¤è¦V­pºâ²³æ¦ý°f¦V­pºâ«D±`§xÃøªººtºâªk¡CÃö©ó³o¥¿½Tªººtºâªk¥i¥H¦b 2.4 ¸`©Î
©ó crypt(3) ¾Þ§@¤â¥U§ä¨ì¡C
<P>
<P>·í¨Ï¥ÎªÌ¬D¿ï©Î«ü©w¤@­Ó±K½X¡A¨t²Î±NÀH¾÷²£¥Í¤@­Ó­È¡A¥s°µ<EM>salt</EM>¡A±N±K½X¶i¦æ
½s½X¡C ³oªí¥Ü¥ô¦ó¯S©wªº±K½X¥i¥H 4096 ¤¤¤£¦P¤èªkÀx¦s¡C <EM>salt</EM> ­È±NÀx¦s³Q½s
½Xªº±K½X ¡C
<P>·í¨Ï¥ÎªÌñ¤J©Î´£¨Ñ¤@­Ó±K½X¡A <EM>salt</EM> ­º¥ý±µ¦¬±ýÀx¦s½s½X±K½X¡CµM«á³o´£¨Ñ±K½X
·|©M <EM>salt</EM> ­È¤@°_<EM>½s½X</EM>¡A¥B¤ñ¸û¤w¸g<EM>½s½X</EM>±K½X¡C¦pªG¦³ match
¡A¸Ó¨Ï¥ÎªÌ³q¹LÅv­­Àˬd¡C 
<P>
<P>ÀH¾÷<EM>½s½X</EM>©M´_­ì­ì©l±K½X¬O¦³­pºâ½ÆÂø«×ªº(¦ý¤£¬O¤£¥i¯àªº)¡CµM¦Ó¡A¦b¬Y¨Ç¨t²Î
«Ü¦h¨Ï¥ÎªÌªº±K½X³£³]¬°¤@¯ë¤å¦r(©Î¬O¤@¯ë¤å¦rªºÂ²³æÅܤÆ)
<P>
<P>¨t²ÎÀb«Èª¾¹D³o¥ó¨Æ¡A¥B±N²³æªº¥[±K¤å¦r©M¤@¯ë¨Ï¥Î4096 <EM>salt</EM> ­È±K½X¤§¥Ø¿ý¡CµM
«á¥L­Ì±N¤ñ¸û¦b¸ê®Æ®w¤§ <CODE>/etc/passwd</CODE> Àɤ§½s½X±K½X¡A¥u­n¥L­Ì§ä¨ì¤@­Ó¤ñ¹ï¡A¥L­Ì
¥i¥H§ä¨ì¤@­Ó±b¸¹¤§±K½X¡C³o©M<EM>dictionary attack</EM>¦³Ãö¡A¥B¥Î©ó¥¼¸g³\¥i¦s¨ú¨t²Î¨ú
±o©M®i¶}±`¥Îªº¤èªk¤§¤@¡C
<P>
<P>¦pªG§A·Q¹L¤@­Ó 8 ½Xªº±K½X½s½X¦¨ 4096 * 13 ½Xªº¦r¦ê¡A¨º»ò¤@­Ó¥Î¦b´y­z 400,000 ¤@¯ë¤å¦r
¡B¦W¦r¡B±K½X©M²³æÅܤƪº¦r¨å±N»Ý­n 4GB µwºÐ¦s¨úªÅ¶¡¡C  Àb«È»Ý­n°µªº¥u¬O¤ÀÃþ¦r¦ê¸òÀˬd
¤ñ¹ïµ²ªG¡C  ¦Û±q 4GB µwºÐ¥i¥H¥H¬üª÷ 1000.00 ¥H¤U¶R¨ì«á¡A¹ï¤j¦h¼Æ¨t²ÎÀb«Èªº·N¸q¥i·Q¦Ó
ª¾ ¡C
<P>¦pªGÀb«È­º¥ýµo²{§Aªº <CODE>/etc/passwd</CODE> ÀÉ¡A¥L­Ì¥u»Ý­n±N¯u¥¿¥]§t¦b 
<CODE>/etc/passwd</CODE> ÀÉ <CODE>salt</CODE> ­Èªº¦r¨å½s½X¡A³o¤èªk¥i¥Ñ¾Ö¦³486¯Å¹q¸£©Î´X­Ó¦³
´X¦Ê MB µwºÐªÅ¶¡ªº¤Q¨Ó·³ªº¤p«Ä¾A¥Î¡C
<P>
<P>§Y¨Ï¨S¦³«Ü¤jªººÏºÐªÅ¶¡¡A¹³ crack(1) ªº¤u¨ãµ{¦¡³q±`¥i¥H¦b¨¬°÷¨Ï¥ÎªÌ¨t²Î¤¤¦Ü¤Ö¯}¸Ñ¤@¹ï
±K½X¡]°²³]¨t²Î¨Ï¥ÎªÌ­¿¤¹³\¬D¿ï¥L­Ì·Q­nªº±K½X¡^¡C
<P>
<P><CODE>/etc/passwd</CODE> Àɤ]¥]¬A¤@¨Ç¬ÛÃö¸ê°T¡A¹³¨Ï¥ÎªÌ ID¡@©M¸s²Õ ID©Ò¨Ï¥Îªº¨t²Îµ{¦¡¡F¦]¦¹
<CODE>/etc/passwd</CODE> ÀÉ <EM>¥²¶·</EM> «O«ù¥þ¥@¬É¥iŪ©Ê.  ¦pªG§A§ïÅÜ <CODE>/etc/passwd</CODE> 
ÀÉ¥H­P©ó¨S¦³¤H¥i¥HŪ¨ú¡A§A±Nµo²{ªº²Ä¤@¥ó¨Æ¬O <CODE>ls -l</CODE> ©R¥O±N¨ú¥N¦WºÙ¦ÓÅã¥Ü¨Ï¥ÎªÌ ID
¡C
<P><EM>Shadow Suite</EM> ³z¹L±N±K½X¦s¦Ü¥t¤@­ÓÀÉ¡]³q±`¬O <CODE>/etc/shadow</CODE> ÀÉ¡^¨Ó¸Ñ¨M¸Ó
°ÝÃD¡C <CODE>/etc/shadow</CODE> Àɹï¥ô¦ó¤H³]©w¥iŪÀÉ¡A¥u¦³ <EM>root</EM> Åv­­¥i¥HŪ¼g
<CODE>/etc/shadow</CODE> ÀÉ¡C¬Y¨Çµ{¦¡¡]¹³ xlock¡^¤£»Ý­n§ïÅܱK½X¡A¥u»Ý­n½T»{±K½X§Y¥i¡C³o¨Çµ{¦¡
¥i¥H¥H <EM>suid root</EM> °õ¦æ©ÎªÌ§A¥i¥H³]©w¤@­Ó¸s²Õ <EM>shadow</EM> ¥Î¨Ó°ßŪ 
<CODE>/etc/shadow</CODE> ÀÉ¡AµM«á³o¨Çµ{¦¡¥i¥H°õ¦æ <EM>sgid¡@shadow</EM>¡C
<P>³z¹L²¾°Ê±K½X¦Ü <CODE>/etc/shadow</CODE> ÀÉ¡A§Ú­Ì¥i¥H¦³¤Oªº³Æ¦³Àb«È±q¦s¨ú½s½X±K½X¨ì°õ¦æ
<EM>dictionary attack</EM> ªºÃÒ¾Ú¡C
<P>°£¦¹¤§¥~¡A <EM>Shadow Suite</EM> ·s¼W³\¦h¯S¦â¡G
<UL>
<LI>³]©wÀÉ©ó³]©w¬°Ã±¤J®É¹w³](<CODE>/etc/login.defs</CODE>)</LI>
<LI>·s¼W¡B­×§ï©M§R°£¨Ï¥ÎªÌ±b¸¹¸s²Õ¤§¤u¨ãµ{¦¡</LI>
<LI>±K½X¹Ø©R­pºâ¤Î¨ì´Á¤é</LI>
<LI>±b¸¹¨ì´Á¤é¸òÂꦺ</LI>
<LI>ÁôÂøs²Õ±K½X (¥i¿ï¾Üªº)</LI>
<LI>¨â­¿ªø«×±K½X (16 ¦r¤¸±K½X) [¤£«Øij¨Ï¥Î]</LI>
<LI>°w¹ï¨Ï¥ÎªÌ±K½X¿ï¾Ü¦³¸û¦nªº±±¨î</LI>
<LI>¥i¼·±µ±K½X</LI>
<LI>³Æ¥Î¦³®ÄÅv­­µ{¦¡ [¤£«Øij¨Ï¥Î]</LI>
</UL>
<P>¦w¸Ë <EM>Shadow Suite</EM> °^Äm¬°¦³§ó¦w¥þ¨t²Î¡A¦ý¬OÁÙ¦³¨ä¥L¤èªk¥i¥H§ïµ½ Linux ¨t²Îªº¦w¥þ
¡A¥B³Ì²×±N¦³¤@¨t¦Cªº Linux ¦w¥þ HOWTO's ±N°Q½×¨ä¥L¦w¥þ°ò·Ç©M¬ÛÃö¤å¥óª©¥»¡E
<P>
<P>°w¹ï¥Ø«e¨ä¥L Linux ¦w¥þ¤å¥ó¸ê°T¡A½Ð°Ñ·Óºô§}¡G
<A HREF="http://bach.cis.temple.edu/linux/linux-security/">Linux Security home page.</A><P>
<P>
<H2><A NAME="ss2.1">2.1 ¬°¦ó±z¤£­n shadow §Aªº passwd ÀÉ</A>
</H2>

<P>¦³¤@¨Çª¬ªp¸ò³]©w¹B¥Î¦b¦w¸Ë <EM>Shadow Suite</EM> ±N <EM>¤£¬O</EM> ¦n¥D·N¡G¡@ 
There are a few circumstances and configurations in which installing the
<EM>Shadow Suite</EM> would <EM>NOT</EM> be a good idea:
<UL>
<LI>¥D¾÷¨S¦³¥]§t¨Ï¥ÎªÌ±b¸¹¡C</LI>
<LI>¥D¾÷¬O¦b LAN ¤W¶]¥B¨Ï¥Îºô¸ô¸ê°TªA°È(Network Information
Services, NIS)±o¨ì©Î¨ÑÀ³¨Ï¥ÎªÌ¦WºÙ©M±Kµ¹ºô¸ô¤Wªº¨ä¥L¾÷¾¹¨Ï¥Î(¨Æ¹ê¤W³oÁÙ¬O
¥i¥H°õ¦æ¡A¦ý¬O¹ê»Ú¤W¨Ã¤£¯à¼W¥[¥ô¦ó¦w¥þ)¡C</LI>
<LI>¾÷¾¹¬O¨Ï¥Î²×ºÝ¥D¾÷¨ÓÅçÃҨϥΪ̸g¥Ñ NFS(Network File System), NIS ©Î
¬Y¨Ç¨ä¥L¤èªk¡C</LI>
<LI>¾÷¾¹¶]¨ä¥L³nÅéÅçÃҨϥΪ̥B¨S¦³¥ô¦ó shadow ª©¥»©Î­ì©l½X¥iÀò±o¡C</LI>
</UL>
<P>
<P>
<H2><A NAME="ss2.2">2.2 ®æ¦¡¤Æ /etc/passwd ÀÉ</A>
</H2>

<P>¤@­Ó non-shadowed <CODE>/etc/passwd</CODE> Àɮ榡¦p¤U©Ò¥Ü¡G
<BLOCKQUOTE><CODE>
<PRE>
username:passwd:UID:GID:full_name:directory:shell
</PRE>
</CODE></BLOCKQUOTE>

¨ä¤¤
<DL>
<DT><B><CODE>username</CODE></B><DD><P>¨Ï¥ÎªÌ(ñ¤J)¦WºÙ
<DT><B><CODE>passwd</CODE></B><DD><P>½s½X±K½X
<DT><B><CODE>UID</CODE></B><DD><P>¨Ï¥ÎªÌ½s¸¹
<DT><B><CODE>GID</CODE></B><DD><P>¹w³]¦s²Õ½s¸¹
<DT><B><CODE>full_name</CODE></B><DD><P>¨Ï¥ÎªÌ¥þ¦W - ¨Æ¹ê¤W³o­ÓÄæ¦ìºÙ§@ GECOS (General 
Electric Comprehensive Operating System) Äæ¦ì¥B¥i¥HÀx¦s¥þ¦W¥~ªº¸ê°T¡CShadow
commands and manual pages refer to this field as the comment field.
<DT><B><CODE>directory</CODE></B><DD><P>¨Ï¥ÎªÌ®Ú¥Ø¿ý (µ´¹ï¸ô®|)
<DT><B><CODE>shell</CODE></B><DD><P>¨Ï¥ÎªÌñ¤JªºÀô¹Ò (µ´¹ï¸ô®|)
</DL>

Á|¨Ò»¡©ú¡G
<BLOCKQUOTE><CODE>
<PRE>
username:Npge08pfz4wuk:503:100:Full Name:/home/username:/bin/sh
</PRE>
</CODE></BLOCKQUOTE>
¡@¤¤¡A<CODE>Np</CODE> ¬O salt ¥B <CODE>ge08pfz4wuk</CODE> ¬O<EM>½s½X</EM>±K½X¡C  
¤w½s½Xªº salt/password ´N¹³ <CODE>kbeMVnZM0oL7I</CODE> ¥B³o¨â­Ó¦r¦ê¬O¤@¼Ëªº±K½X¡C¹ï¬Û¦P
±K½X¥i¯à¦³ 4096 ºØ¥i¯àªº½s½X¡C(¥»½d¨Òªº±K½X¬O "passwaor"¡A³o¬O¤ñ¸û <EM>¤£¦n</EM> ªº±K½X)¡C
<P>
<P>¥u­n shadow suite ¤w¸g¦w¸Ë¡A <CODE>/etc/passwd</CODE> ÀɱN³Q´À¥N¦¨¡G
<BLOCKQUOTE><CODE>
<PRE>
username:x:503:100:Full Name:/home/username:/bin/sh
</PRE>
</CODE></BLOCKQUOTE>

¥»½d¨Ò¤§²Ä¤GÄæ¦ì <CODE>x</CODE> ²{¦b¥u¬O¤@­Ó¡@place holder¡C¡@<CODE>/etc/passwd</CODE>Àɪº®æ¦¡
¨Ã¥¼¯uªº§ïÅÜ¡A¥u¬O¤£¦A¥]§t <EM>½s½X</EM>±K½X¡C³oªí¥Ü¥ô¦óµ{¦¡¥i¥HŪ¨ú <CODE>/etc/passwd</CODE>
ÀÉ¡A¦ý¨Ã¤£¯uªº»Ý­n½T»{±K½X¬O¤£¬O¥¿½T¦a¹B§@¡C
<P>
<P>³o¨Ç±K½X²{¦b³Q­«·s©ñ¦b shadow ÀÉ(³q±`¬O¦b <CODE>/etc/shadow</CODE> ÀÉ)¡C
<P>
<H2><A NAME="ss2.3">2.3 ®æ¦¡¤Æ shadow ÀÉ</A>
</H2>

<P><CODE>/etc/shadow</CODE> ÀÉ¥]¬A¤U¦C¸ê°T¡G
<BLOCKQUOTE><CODE>
<PRE>
username:passwd:last:may:must:warn:expire:disable:reserved
</PRE>
</CODE></BLOCKQUOTE>

¨ä¤¤
<DL>
<DT><B><CODE>username</CODE></B><DD><P>¨Ï¥ÎªÌ¦WºÙ
<DT><B><CODE>passwd</CODE></B><DD><P>½s½X±K½X
<DT><B><CODE>last</CODE></B><DD><P>±K½X¤W¦¸§ó°Ê¤é´Á¡A¥H±q1970¦~1¤ë1¤éºâ°_ªº¤Ñ¼Æ¥Nªí
<DT><B><CODE>may</CODE></B><DD><P>±K½X§ïÅÜ«e¤Ñ¼Æ
<DT><B><CODE>must</CODE></B><DD><P>±K½X³Ì±`¨Ï¥Î¤Ñ¼Æ
<DT><B><CODE>warn</CODE></B><DD><P>¥Nªí´Á­­«e´X¤Ñ´N¨Æ¥ýĵ§i¨Ï¥ÎªÌ
<DT><B><CODE>expire</CODE></B><DD><P>¶W¹L±K½X¹L´Á¤Ñ¼Æ«á¡A´NÃö³¬¸Ó±b¸¹
<DT><B><CODE>disable</CODE></B><DD><P>±b¸¹Ãö³¬¡A¥H±q1970¦~1¤ë1¤éºâ°_ªº¤Ñ¼Æ¥Nªí
<DT><B><CODE>reserved</CODE></B><DD><P>¹w³ÆÄæ¦ì
</DL>

¨Ì·Ó¤§«e½d¨Ò±NÅܦ¨¡G
<BLOCKQUOTE><CODE>
<PRE>
username:Npge08pfz4wuk:9479:0:10000::::
</PRE>
</CODE></BLOCKQUOTE>
<P>
<H2><A NAME="ss2.4">2.4 ¦^ÅU crypt(3).</A>
</H2>

<P>±q crypt(3) ¨Ï¥ÎªÌ¤å¥ó±o¨ì¡G
<P>&quot;<EM>crypt</EM> ¬O±K½X¥[±K¤èµ{¦¡¡C
It is based on the <EM>Data Encryption Standard</EM> algorithm with variations
intended (among other things) to discourage use of hardware implementations of
a key search.
<P>[The] key ¬O¨Ï¥ÎªÌ¿é¤Jªº±K½X¡C  [½s½X¦r¦ê¥þ¬O NULLs]
<P>[The] <EM>salt</EM> ¬O±q [a-zA-Z0-9./] ¶°¦X¤¤¿ï¥Xªº¨â­Ó¦ì¤¸¦r¦ê¡C
¸Ó¦r¦ê¬O¥Î©óÂZ¶Ã¦b 4096 ºØ¤£¦P¤èªk¤§¤@­Óºtºâªk¡C
<P>³z¹L±o¨ì key ªº¨C­Ó¦ì¤¸ªº³Ì§C 7 bit[s]¡A¥i¥H«Ø¥ß 56-bit key ¡C ³o56-bit key
¬O¥Î¦b­«½Æ¥[±K¤@­Ó±`¼Æ¦r¦ê(³q±`¬O¥]§t©Ò¦³ÆFªº¦r¦ê)¡C ¶Ç¦^­È«ü¨ì¥[±K±K½X¬O¤@³s¦ê
¥i¦L¥X¤§13­Ó ASCII ¦r¤¸(³Ì«e­±ªº¤@¨â­Ó¦r¤¸ªí¥Ü salt ¥»¨­)¡C ³z¹L¨C¦¸ªº©I¥s¥i±N
¶Ç¦^ª½«ü¨ìÀRºA¸ê®Æ¡C
<P>
<P> 
<B>ĵ§i°T®§¡G</B> Key space ¥]¬A 2**56 §Yµ¥©ó 7.2e16 ¥i¯àªº­È¡C»P¥Î­«¤jªº¥­¦æ¹q¸£
±N Key space ·¥ºÉªº·j´M<B>¬O¥i¯à</B>¡C¹³ <CODE>crack(1)</CODE> ³nÅé¥Î¨Ó·j´M³¡¤Àªº¥Ñ¤H
²£¥Í¤§±K½Xªº key space ¬O¥iÀò±oªº¡C¦]¦¹¡A±K½Xªº¿ï¾Ü¦Ü¤ÖÀ³¸ÓÁקK¨Ï¥Î¤@¯ë¦r¤Î¦W¦r¡C
¤@­Ó¥Î¨ÓÀˬd¸Ñ¶}±K½X¿ï¾Üªº <CODE>passwd(1)</CODE> µ{¦¡¨Ï¥Î¬O­È±o±ÀÂ˪º¡C
<P>
<P>DES ºtºâªk¥»¨­¦³¤@¨Ç¨Ï <CODE>crypt(3)</CODE> ¦b¥ô¦ó¨ä¥L±K½XÅv­­°Ï¹j¤¶­±«Ü®t¿ï¾Üªº¨Ï¥Î
¤è­±¼@ÅÜ¡C¦pªG§A­pµe¨Ï¥Î <CODE>crypt(3)</CODE> ¤¶­±¨Ó¥[±K­pµe¡A¥H¤U´y­z¤d¸U§O³o»ò§@¡G
±o­n¤@¥»¥[±K¦n®Ñ©M¼sªxÀò±o DES µ{¦¡®w .&quot; ¤@°_¨Ï¥Î¡C
<P>¤j¦h <EM>Shadow Suites</EM> ¥]¬A 16 ¦ì¤¸ªº±K½Xªø«×¨â­¿¤§­ì©l½X¡C ¦b <CODE>des</CODE> ±M
®a«ØijÁקK¨Ï¥Î·í¶}©l¹ï¸û±`±K½X¥ý²³æªº½s½X¥ª¥bµM«á¥k¥b¡C¥Ñ©ó <CODE>crypt</CODE> ¹B§@¤èªk
¡A³o±N³y¦¨ <EM>¸û®tªº</EM> ¦w¥þ½s½X±K½X¡C°£¦¹¤§¥~¡A¨Ï¥ÎªÌ¦³¥i¯à°O¦í 16 ¦ì¤¸±K½X¬O
¤@¥ó¤ñ¸û®tªº¨Æ±¡¡C
<P>
<P>¥Ø«e¦³¤¹³\Åv­­²z½×¥Î¥H¨ú¥N¬Y¨Ç§ó¦w¥þ©M¤ä´©¸ûªø±K½X(¨Ò¦p MD5 ºtºâªk)¥B«O¦³©M
<CODE>crypt</CODE> ¤èªk¬Û®eªºµo®i¤u§@¥¿¦b¶i¦æ¡C
<P>
<P>¦pªG§A¥¿¦b´M§ä¤@¥»¥[±Kªº¦n®Ñ¡A«Øij¦p¤U¡G
<PRE>
        "Applied Cryptography: Protocols, Algorithms, and Source Code in C"
        by Bruce Schneier &lt;schneier@chinet.com>
        ISBN: 0-471-59756-2
</PRE>
<P>
<P>
<HR>
<A HREF="Shadow-Password-HOWTO-3.html">Next</A>
<A HREF="Shadow-Password-HOWTO-1.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc2">Contents</A>
</BODY>
</HTML>
Shadow-Password-HOWTO-3.html0100644000014400001440000001231107110535716015402 0ustar  cwhuangusers<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=big5">
 <META NAME="GENERATOR" CONTENT="ZH-SGML-Tools 1.0.9">
 <TITLE>¦p¦ó¨ú±o¡A¦w¸Ë¡A³]©w shadow ±K½X: ¨ú±o Shadow Suite.</TITLE>
 <LINK HREF="Shadow-Password-HOWTO-4.html" REL=next>
 <LINK HREF="Shadow-Password-HOWTO-2.html" REL=previous>
 <LINK HREF="Shadow-Password-HOWTO.html#toc3" REL=contents>
</HEAD>
<BODY>
<A HREF="Shadow-Password-HOWTO-4.html">Next</A>
<A HREF="Shadow-Password-HOWTO-2.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc3">Contents</A>
<HR>
<H2><A NAME="s3">3. ¨ú±o Shadow Suite.</A></H2>

<H2><A NAME="ss3.1">3.1 Shadow Suite for Linux ªº¾ú¥v(¼È¤£Â½Ä¶)</A>
</H2>

<H2><A NAME="ss3.2">3.2 History of the Shadow Suite for Linux</A>
</H2>

<P><EM>DO NOT USE THE PACKAGES IN THIS SECTION, THEY HAVE SECURITY PROBLEMS</EM>
<P>The original <EM>Shadow Suite</EM> was written by <CODE>John F. Haugh II</CODE>.
<P>There are several versions that have been used on Linux systems:
<UL>
<LI><CODE>shadow-3.3.1</CODE> is the original.</LI>
<LI><CODE>shadow-3.3.1-2</CODE> is Linux specific patch made by
<A HREF="mailto:flla@stud.uni-sb.de">Florian La Roche &lt;flla@stud.uni-sb.de></A> and contains some further
enhancements.</LI>
<LI><CODE>shadow-mk</CODE> was specifically packaged for Linux.</LI>
</UL>
<P>The <CODE>shadow-mk</CODE> package contains the <CODE>shadow-3.3.1</CODE> package
distributed by <CODE>John F. Haugh II</CODE> with the <CODE>shadow-3.3.1-2 patch</CODE> 
installed, a few fixes made by 
<A HREF="mailto:magnus@texas.net">Mohan Kokal &lt;magnus@texas.net></A>
that make installation a lot easier, a patch by <CODE>Joseph R.M. Zbiciak</CODE>
for <CODE>login1.c</CODE> (login.secure) that eliminates the -f, -h security
holes in /bin/login, and some other miscellaneous patches.
<P>The <CODE>shadow.mk</CODE> package was the <EM>previously</EM> recommended
package, but should be replaced due to a <EM>security problem</EM> with the
<CODE>login</CODE> program.
<P>There are <EM>security problems</EM> with Shadow versions 3.3.1, 3.3.1-2, 
and shadow-mk involving the <CODE>login</CODE> program.  This <CODE>login</CODE> bug 
involves not checking the length of a login name.  This causes the buffer to
overflow causing crashes or worse.  It has been rumored that this buffer
overflow can allow someone with an account on the system to use this bug and
the shared libraries to gain <EM>root</EM> access.  I won't discuss exactly 
how this is possible because there are a lot of Linux systems that are 
affected, but systems with these <EM>Shadow Suites</EM> installed, and 
most pre-ELF distributions <EM>without</EM> the <EM>Shadow Suite</EM> 
are vulnerable!
<P>For more information on this and other Linux security issues, see the 
<A HREF="http://bach.cis.temple.edu/linux/linux-security/Linux-Security-FAQ/Linux-telnetd.html">Linux Security home page (Shared Libraries and login Program Vulnerability)</A><P>
<P>
<H2><A NAME="ss3.3">3.3 ¦p¦ó¨ú±o Shadow Suite¡H</A>
</H2>

<P>¥Ø«e«Øij <EM>Shadow Suite</EM> ª©¥»¥Ø«eÁÙ¬O BETA ´ú¸Õª©¡AµM«á¡A³Ìªñª©¥»¦b¥Í²£Àô¹Ò
¬O¦w¥þªº¥B¨S¦³¥]§t©ö¨ü§ðÀ»ªº <CODE>ñ¤J(login)</CODE> µ{¦¡¡C
<P>¸Ó®M¥ó(package)¨Ï¥ÎºD¨Ò©R¦W¬°¡G
<BLOCKQUOTE><CODE>
<PRE>
shadow-YYMMDD.tar.gz
</PRE>
</CODE></BLOCKQUOTE>

¨ä¤¤ <CODE>YYMMDD</CODE> ¬OSuite ªºµo¦æ¤é´Á¡C
<P>¥Ø«e BETA ´ú¸Õª©¥»¬O <EM>Version 3.3.3</EM> ¡A¥B¥Ñ
<A HREF="mailto:marekm@i17linuxb.ists.pwr.wroc.pl">Marek Michalkiewicz  &lt;marekm@i17linuxb.ists.pwr.wroc.pl></A> ºûÅ@¡C
<P>ÁÙ¥i¥H±q¸Ó³B±o¨ì¡G
<A HREF="ftp://i17linuxb.ists.pwr.wroc.pl/pub/linux/shadow/shadow-current.tar.gz">shadow-current.tar.gz</A>.
<P>¤U¦Cºô¯¸¤]¥i¥H§ä¨ì¬ÛÃö¸ê°T¡G
<UL>
<LI>
<A HREF="ftp://ftp.icm.edu.pl/pub/Linux/shadow/shadow-current.tar.gz">ftp://ftp.icm.edu.pl/pub/Linux/shadow/shadow-current.tar.gz</A></LI>
<LI>
<A HREF="ftp://iguana.hut.fi/pub/linux/shadow/shadow-current.tar.gz">ftp://iguana.hut.fi/pub/linux/shadow/shadow-current.tar.gz</A></LI>
<LI>
<A HREF="ftp://ftp.cin.net/usr/ggallag/shadow/shadow-current.tar.gz">ftp://ftp.cin.net/usr/ggallag/shadow/shadow-current.tar.gz</A></LI>
<LI>
<A HREF="ftp://ftp.netural.com/pub/linux/shadow/shadow-current.tar.gz">ftp://ftp.netural.com/pub/linux/shadow/shadow-current.tar.gz</A></LI>
</UL>
<P>§AÀ³¸Ó¥i¥HÀò±o¥Ø«e³Ì·sªºª©¥»¡C
<P>§AÀ³¸Ó¤£­n¬O¥Î¤ñ <CODE>shadow-960129</CODE> <EM>§óÂÂ</EM>ª©¥»¡A¦]¬°¥¦­Ì¦³ <CODE>ñ¤J</CODE> 
ªº¦w¥þ°ÝÃD¡C
<P>
<P>
<P>©ó°Ñ¦Ò¸ê®Æ¤è­±¡A§Ú¥Î <CODE>shadow-960129</CODE> Àɶi¦æ¦w¸Ë¤¶²Ð¡C
<P>¦pªG§A¤§«e¨Ï¥Î <CODE>shadow-mk</CODE> ¡A§AÀ³¸Ó§ó«H³o­Óª©¥»¥B­««Ø½sĶ¡C
<P>
<H2><A NAME="ss3.4">3.4 Shadow Suite¥]§t¤°»ò¡H</A>
</H2>

<P><EM>Shadow Suite</EM> ¥]¬A¹ï¤U¦C¥\¯à¤§´À¥Nµ{¦¡¡G
<P><CODE>su, login, passwd, newgrp, chfn, chsh, and id</CODE>
<P>¸Ó®M¥óÁÙ¥]¬A·sµ{¦¡¡G
<P><CODE>chage, newusers, dpasswd, gpasswd, useradd, userdel, usermod, groupadd,
groupdel, groupmod, groups, pwck, grpck, lastlog, pwconv, and pwunconv</CODE>
<P>°£¦¹¤§¥~¡A¨ç¦¡®w¡G <CODE>libshadow.a</CODE> ¤]¥]¬A»Ý­n¦s¨ú¨Ï¥ÎªÌ±K½X¤§¼g©M½sĶµ{¦¡¡C
<P>µ{¦¡¤§¾Þ§@¤â¥U¤]¥]§t¦b¨ä¤¤¡C
<P>
<P>¤]¦³¹ïñ¤Jµ{¦¡ªº configuration file ¡A¥¦±N³Q¦w¸Ë¦b <CODE>/etc/login.defs</CODE> ÀÉ¡C
<P>
<HR>
<A HREF="Shadow-Password-HOWTO-4.html">Next</A>
<A HREF="Shadow-Password-HOWTO-2.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc3">Contents</A>
</BODY>
</HTML>
Shadow-Password-HOWTO-4.html0100644000014400001440000001105407110535716015406 0ustar  cwhuangusers<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=big5">
 <META NAME="GENERATOR" CONTENT="ZH-SGML-Tools 1.0.9">
 <TITLE>¦p¦ó¨ú±o¡A¦w¸Ë¡A³]©w shadow ±K½X: ½sĶµ{¦¡</TITLE>
 <LINK HREF="Shadow-Password-HOWTO-5.html" REL=next>
 <LINK HREF="Shadow-Password-HOWTO-3.html" REL=previous>
 <LINK HREF="Shadow-Password-HOWTO.html#toc4" REL=contents>
</HEAD>
<BODY>
<A HREF="Shadow-Password-HOWTO-5.html">Next</A>
<A HREF="Shadow-Password-HOWTO-3.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc4">Contents</A>
<HR>
<H2><A NAME="s4">4. ½sĶµ{¦¡</A></H2>

<H2><A NAME="ss4.1">4.1 ¸ÑÀ£ÁY</A>
</H2>

<P>¦b±µ¦¬®M¥ó«á²Ä¤@­Ó¨BÆJ´N¬O unpacking¡C¸Ó®M¥ó¬O tar Àɮ׮榡¨Ï¥Î gzip À£ÁY
¡A©Ò¥H­º¥ý±N¸ÓÀɮײ¾¨ì <CODE>/usr/src</CODE> ¡AµM«á¿é¤J¡G
<BLOCKQUOTE><CODE>
<PRE>
tar -xzvf shadow-current.tar.gz
</PRE>
</CODE></BLOCKQUOTE>
<P>³o±N·| unpack ¨ì¤@­Ó¥Ø¿ý¡G<CODE>/usr/src/shadow-YYMMDD</CODE>
<P>
<H2><A NAME="ss4.2">4.2 ³]©w config.h ÀÉ</A>
</H2>

<P>²Ä¤@¥ó¨Æ¬O§A»Ý­n½Æ»s <CODE>Makefile</CODE> ©M <CODE>config.h</CODE> ÀÉ¡G
<P>
<BLOCKQUOTE><CODE>
<PRE>
cd /usr/src/shadow-YYMMDD
cp Makefile.linux Makefile
cp config.h.linux config.h
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>µM«á§AÀ³¸Ó¯d·N <CODE>config.h</CODE> ÀÉ¡C ¸ÓÀÉ®×¥]¬A¬Y¨Ç³]©w¿ï¶µªº©w¸q¡C¦pªG§A¨Ï¥Î
<EM>«Øij</EM> ®M¥ó¡A§Ú«Øij§A¦b²Ä¤@¦¸³]©wÃö±¼ group shadow support¡C 
<P>shadowed group passwords ¹w³]­È¬O¶}±Òªº¡C ¦b <CODE>config.h</CODE> ÀÉÃö¨ì³o­Ó³]©w¡A
¥B§ïÅÜ <CODE>#define SHADOWGRP</CODE> Åܦ¨ <CODE>#undef SHADOWGRP</CODE>¡C§Ú«Øij±z¤@¶}©l
Ãö±¼¥¦­Ì¡AµM«á¦pªG§A¯uªº»Ý­n group passwords ©M group administrators ®É§A¦b
¶}±Ò¥¦­Ì©M­«·s½sĶ¡C ¦pªG§A¶}±Ò¥¦¡A §A <EM>¥²¶·</EM> «Ø¥ß  <CODE>/etc/gshadow</CODE> ÀÉ¡C
<P>
<P>¶}±Òªø±K½Xªº¿ï¶µ¤]¤£«Øij¨Ï¥Î¡C
<P><EM>¤£­n</EM> §ïÅÜ <CODE>#undef AUTOSHADOW</CODE> ªº³]©w¡C
<P><CODE>AUTOSHADOW</CODE> ¿ï¶µªì©l³]­p¬O¥Î¥HÅý shadow  ¥i¥H¹³ function ¤@¼Ë°õ¦æ¡C²z½×¤W
Å¥°_¨Ó¤£¿ù¡A¦ý¬O¨S¿ìªk¥¿½Tªº¹B§@¡C ¦pªG§A¶}±Ò³o­Ó¿ï¶µ¡A¥B³o­Óµ{¦¡¥H root Åv­­¦b°õ
¦æ¡A ¥¦·|¹³ root Åv­­°õ¦æ¤@¶µ©I¥s <CODE>getpwnam()</CODE> ¡AµM«áÅܧó
<CODE>/etc/passwd</CODE> ÀÉ (¦³<EM>no-longer-shadowed ±K½X</EM>)¡C ³oÃþµ{¦¡¥]¬A chfn 
©M chsh¡C(¦pªG root ¦b©I¥s <CODE>getpwnam()</CODE> ¤§«e¨Ï¥Î chfn ©M chsh¡A¨Ï¥ÎªÌ±b¸¹±N
¨S¦³¿ìªk¯u¹ê¥B¦³®Ä¥æ©ö¡C)
<P>
<P>¦pªG§A­n«Ø¥ß libc¡A¦P¼ËªºÄµ§i¤]¦³®Ä¡A¥¦¦³­Ó <CODE>SHADOW_COMPAT</CODE> §@¬Û¦Pªº¨Æ¡C ¥¦
<EM>¤£À³¸Ó</EM>³Q¨Ï¥Î¡I¦pªG§A¶}©l±q§Aªº <CODE>/etc/passwd</CODE> ÀÉÂ^¨ú½s½X±K½X¡A
³o·|¬O­Ó°ÝÃD¡C
<P>¦pªG§A¥¿¨Ï¥Î¤ñ 4.6.27 ÁÙ°ªªº <CODE>libc</CODE> ª©¥»¡A§A±N»Ý­n¦b <CODE>config.h</CODE> ©M
<CODE>Makefile</CODE>¨â­ÓÀÉ°µ«Ü¦h§ïÅÜ¡C
¦b <CODE>config.h</CODE> Àɪº½s¿è©M§ïÅÜ¡G
±q¡G
<BLOCKQUOTE><CODE>
<PRE>
#define HAVE_BASENAME
</PRE>
</CODE></BLOCKQUOTE>

¨ì¡G
<BLOCKQUOTE><CODE>
<PRE>
#undef HAVE_BASENAME
</PRE>
</CODE></BLOCKQUOTE>

µM«á¦b <CODE>Makefile</CODE> Àɪº§ïÅÜ¡G
<P>
<BLOCKQUOTE><CODE>
<PRE>
SOBJS = smain.o env.o entry.o susetup.o shell.o \
        sub.o mail.o motd.o sulog.o age.o tz.o hushed.o

SSRCS = smain.c env.c entry.c setup.c shell.c \
        pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \
        tz.c hushed.c
</PRE>
</CODE></BLOCKQUOTE>

<BLOCKQUOTE><CODE>
<PRE>
SOBJS = smain.o env.o entry.o susetup.o shell.o \
        sub.o mail.o motd.o sulog.o age.o tz.o hushed.o basename.o

SSRCS = smain.c env.c entry.c setup.c shell.c \
        pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \
        tz.c hushed.c basename.c
</PRE>
</CODE></BLOCKQUOTE>

³o¨Ç¥]§t¦b <CODE>basename.c</CODE> µ{¦¡½Xªº§ïÅܧ¡»Ý­¿¥]¬A¦b <CODE>libc 4.6.27</CODE> ¤º¡C
<P>
<P>
<H2><A NAME="ss4.3">4.3 ³Æ¥÷­ì©lµ{¦¡</A>
</H2>

<P>¦b shadow suite ­n§ó·s®É¡A»s§@µ{¦¡³Æ¥÷±N¬O¤@­Ó«Ü¦nªºÂI¤l¡C¦b Slackware 3.0 ¨t²Î¤¤¡A
³o¨ÇÀɮ׬O¡G
<P>
<UL>
<LI>/bin/su</LI>
<LI>/bin/login</LI>
<LI>/usr/bin/passwd</LI>
<LI>/usr/bin/newgrp</LI>
<LI>/usr/bin/chfn</LI>
<LI>/usr/bin/chsh</LI>
<LI>/usr/bin/id</LI>
</UL>
<P>³o BETA ®M¥ó¤w¸g¦³­Ó <EM>Àx¦s</EM> ¦b Makefile ªº¥ØªºÀÉ¡A¦ý¬O
¦]¬°¤£¦Pªºª©¥»³q±`±Nµ{¦¡©ñ¦b¤£¦Pªº¦a¤è¡A¦]¦¹±`³Q¤Hµû½×¡C
<P>§AÀ³¸Ó³Æ¥÷§Aªº <CODE>/etc/passwd</CODE> ÀÉ¡A¦ý¬O§A­n«Ü¤p¤ß¦a©R¦W¡A¤£µM¦p§Ú§A±N¥¦©ñ¦b
¬Û¦P¥Ø¿ý¡A§A±NµLªk­«¼g <CODE>passwd</CODE> ©R¥O¡C
<P>
<H2><A NAME="ss4.4">4.4 °õ¦æ make</A>
</H2>

<P><EM>§A»Ý­n¥H root Åv­­Ã±¤J¥H°õ¦æ¦w¸Ëµ{§Ç</EM>.
<P>°õ¦æ make ¨Ó½sĶ®M¥ó¤¤ªº°õ¦æÀÉ¡G
<P>
<BLOCKQUOTE><CODE>
<PRE>
make all
</PRE>
</CODE></BLOCKQUOTE>
<P>§A¥i¯à·|¬Ý¨ìĵ§i»y¡G <CODE>rcsid defined but not used</CODE>.  ³o¨SÃö«Y¡A
¦]¬°§@ªÌ¨Ï¥Îª©¥»±±¨î®M¥ó¤~·|µo¥Í¡C
<P>
<P>
<HR>
<A HREF="Shadow-Password-HOWTO-5.html">Next</A>
<A HREF="Shadow-Password-HOWTO-3.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc4">Contents</A>
</BODY>
</HTML>
Shadow-Password-HOWTO-5.html0100644000014400001440000001102007110535716015400 0ustar  cwhuangusers<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=big5">
 <META NAME="GENERATOR" CONTENT="ZH-SGML-Tools 1.0.9">
 <TITLE>¦p¦ó¨ú±o¡A¦w¸Ë¡A³]©w shadow ±K½X: ¦w¸Ë</TITLE>
 <LINK HREF="Shadow-Password-HOWTO-6.html" REL=next>
 <LINK HREF="Shadow-Password-HOWTO-4.html" REL=previous>
 <LINK HREF="Shadow-Password-HOWTO.html#toc5" REL=contents>
</HEAD>
<BODY>
<A HREF="Shadow-Password-HOWTO-6.html">Next</A>
<A HREF="Shadow-Password-HOWTO-4.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc5">Contents</A>
<HR>
<H2><A NAME="s5">5. ¦w¸Ë</A></H2>

<H2><A NAME="ss5.1">5.1 ¤âÃä·Ç³Æ¤@­Ó¶}¾÷¤ù</A>
</H2>

<P>¦pªG¯uªºµo¥ÍÄY­«¿ù»~¡A¦³­Ó¶}¾÷ºÏ¤ù¤§¦³¥Îªº¡C¦pªG§A­n boot/root ¦X¨Öªº¦w¸Ë¡A§A¥i¥H
°Ñ¦Ò
<A HREF="http://sunsite.unc.edu/mdw/HOWTO/Bootdisk-HOWTO.html">Bootdisk-HOWTO</A> ¥H»s§@ root ¶}¾÷¤§¶}¾÷¤ù¡C
<P>
<P>
<H2><A NAME="ss5.2">5.2 ²¾°£½Æ»sªº man pages</A>
</H2>

<P>§A¤]À³¸Ó±N¾Þ§@¤â¥U§ó·s¡A§Y¨Ï§A«Ü¼F®`¨ì¨¬¥H¤£¥Î³Æ¥÷¦w¸Ë Shadow Suite¡A§A¤´µM­n±N
±Nªº¾Þ§@¤â¥U²¾°£¡A¦]¬°·sª©ªº¾Þ§@¤â¥UµLªk¥¿±`ªºÂл\ª©¥»¡C
<P>§A¥i¥H¨Ï¥Î¤@­Ó²Õ¦X¡G <CODE>man -aW ©R¥O</CODE> ©M <CODE>locate ©R¥O</CODE> ´M§ä»Ý³Æ²¾°£
ªº¾Þ§@¤â¥U¡C¦b§A°õ¦æ <CODE>make install</CODE> «e§ä¥X¸ûª©¥»¤ñ¸û®e©ö¡C
<P>¦pªG§A¨Ï¥Î Slackware 3.0 ª©¥»¡AµM«á§A­n²¾°£ªº¾Þ§@¤â¥U¬O¡G
<UL>
<LI>/usr/man/man1/chfn.1.gz</LI>
<LI>/usr/man/man1/chsh.1.gz</LI>
<LI>/usr/man/man1/id.1.gz</LI>
<LI>/usr/man/man1/login.1.gz</LI>
<LI>/usr/man/man1/passwd.1.gz</LI>
<LI>/usr/man/man1/su.1.gz</LI>
<LI>/usr/man/man5/passwd.5.gz</LI>
</UL>
<P>¦b <CODE>/var/man/cat[1-9]</CODE> ¦¸¥Ø¿ý¤]¦³¬Û¦Pªº¦W¦r»Ý­n³Q§R°£¡C
<P>
<H2><A NAME="ss5.3">5.3 °õ¦æ make install</A>
</H2>

<P>²{¦b§A¤w¸g·Ç³Æ­n¿é¤J¡G (¥H root Åv­­°õ¦æ)
<BLOCKQUOTE><CODE>
<PRE>
make install
</PRE>
</CODE></BLOCKQUOTE>
<P>³o±N¦w¸Ë³Ì·s©M§ó·sµ{¦¡¥B­×´_Àɮ׳\¥iÅv¡C¥¦¤]·|¦w¸Ë¾Þ§@¤â¥U¡C
<P>³o¤]±N¦b¦w¸Ë®É¦Ò¼{±N Shadow Suite ¥]§tÀɮשñ¦b¥¿½Tªº¦ì¸m <CODE>/usr/include/shadow</CODE> ¡C
<P>
<P>¨Ï¥Î BETA ®M¥ó¡A§A»Ý­n¤â°Ê½Æ»s <CODE>login.defs</CODE> ³o­ÓÀɨì <CODE>/etc</CODE> ³o­Ó¥Ø¿ý¤U¡A
¦Ó¥B­n½T»{¥u¦³ <EM>root</EM> Åv­­¥i¥H§ïÅÜ¥¦¡C
<P>
<BLOCKQUOTE><CODE>
<PRE>
cp login.defs /etc
chmod 700 /etc/login.defs
</PRE>
</CODE></BLOCKQUOTE>
<P>³o­ÓÀɮ׬O <EM>ñ¤J</EM> µ{¦¡ªº configuration file¡C §AÀ³¸ÓÀˬd¸ò½T©w³o­ÓÀɪº§ïÅܪ¬ªp¡C
³o¬O§A¨M©w­þ­Ó  tty ªº root ¥i¥H±q­þ¸Ìñ¤J©M³]©w¨ä¥L¦w¥þ¤è°wªº¦a¤è(¹³¹w³]±K½Xªº¨ì´Á¤é)¡C
<P>
<H2><A NAME="ss5.4">5.4 °õ¦æ pwconv</A>
</H2>

<P>±µ¤U¨Óªº¨BÆJ¬O°õ¦æ <CODE>pwconv</CODE>¡C  ³o¤]»Ý¥H <EM>root</EM>°õ¦æ¥B³Ì¦n¦b <CODE>/etc</CODE> 
¥Ø¿ý¤U°õ¦æ¡G
<BLOCKQUOTE><CODE>
<PRE>
cd /etc
/usr/sbin/pwconv
</PRE>
</CODE></BLOCKQUOTE>
<P><CODE>pwconv</CODE> Â^¨ú§Aªº <CODE>/etc/passwd</CODE> ÀÉ¥B§R°£¬Y¨ÇÄæ¦ì¬°¤F«Ø¥ß¨â­ÓÀɮסG
<CODE>/etc/npasswd</CODE> ©M <CODE>/etc/nshadow</CODE>.
<P>¤@­Ó <CODE>pwunconv</CODE> ¤]´£¨Ñ§A«Ø¥ß¤@­Ó <CODE>/etc/passwd</CODE> ©M <CODE>/etc/shadow</CODE> 
²Õ¦Xªº¥¿±` <CODE>/etc/passwd</CODE> ÀɮסC
<P>
<H2><A NAME="ss5.5">5.5 ­«·s©R¦W npasswd ©M nshadow</A>
</H2>

<P>²{¦b§A¤w¸g°õ¦æ <CODE>pwconv</CODE> ¡A¦Ó¥B§A¤w¸g«Ø¥ß <CODE>/etc/npasswd</CODE> ©M
<CODE>/etc/nshadow</CODE> ÀɮסC³o»Ý­n½Æ»s¨ì <CODE>/etc/passwd</CODE> ©M <CODE>/etc/shadow</CODE>
ÀÉ¡C §Ú­Ì¤]»Ý­n½Æ»s­ì©l <CODE>/etc/passwd</CODE> ÀÉ¡A¦Ó¥B½T©w¥u¦³ root ¥i¥HŪ¥¦¡C
§Ú­Ì±N¸ÓÀɮשñ¦b root ±o®Ú¥Ø¿ý¡G
<P>
<BLOCKQUOTE><CODE>
<PRE>
cd /etc
cp passwd ~passwd
chmod 600 ~passwd
mv npasswd passwd
mv nshadow shadow
</PRE>
</CODE></BLOCKQUOTE>
<P>§A¤]À³¸Ó½T©wÀɮתº¾Ö¦³ªÌ¸ò¦s¨úÅv­­¬O¥¿½Tªº¡C ¦pªG§A±N­n¨Ï¥Î <EM>X-Windows</EM> ¡A
<CODE>xlock</CODE> ©M <CODE>xdm</CODE> ¥i¯à»Ý­nŪ¨ú <CODE>shadow</CODE> ÀÉ(¦ý»Ý¤£­n¼g¤J¸ÓÀÉ)¡C
<P>¦³¨â­Ó¤èªk¥i¥H°µ¡C §A¥i¥H³]©w <CODE>xlock</CODE> ªº suid ¬O root (<CODE>xdm</CODE>  ³q±`¥H
root Åv­­°õ¦æ)¡C ©ÎªÌ§A¥i¥H¨Ï root ¦¨¬° <CODE>shadow</CODE> ªº¸s²Õ¥i¥H¾Ö¦³ <CODE>shadow</CODE> ÀÉ
¡A¦ý¬O¦b§@³o¤§«e¡A­n½T©w§A¤w¸g¦³­Ó shadow group (¥i¥H¦b <CODE>/etc/group</CODE> Àɬݨì)¡C
¤£À³§ï¦³¥ô¦ó¨Ï¥ÎªÌ¯uªº¦b  shadow group ¡C
<P>
<BLOCKQUOTE><CODE>
<PRE>
chown root.root passwd
chown root.shadow shadow
chmod 0644 passwd
chmod 0640 shadow
</PRE>
</CODE></BLOCKQUOTE>
<P>§Aªº¨t²Î²{¦b¦³ shadow ªº±K½XÀÉÅo¡C §A²{¦b <EM>À³¸Ó</EM> ­«¶}¤@­Ó²×ºÝ¾÷µøµ¡©M½T»{§A
¥i¥Hñ¤J(login)¡C
<P><EM>½Ð°¨¤W½T¹êªº§@³o¥ó¨Æ¡I</EM>
<P>¦p¹L§A¤£¯à¡A¥i¯à¬Y¨Ç¨Æ±¡¦³¿ù»~Åo¡I ¬°¤F­n¦^¨ì to a non-shadowed ª¬ºA¡A½Ð§@¤U¦C¨BÆJ¡G
<P>
<BLOCKQUOTE><CODE>
<PRE>
cd /etc
cp ~passwd passwd
chmod 644 passwd
</PRE>
</CODE></BLOCKQUOTE>
<P>§A±N­«·sÀx¦s³o¨ÇÀɮרì¥ý«e§AÀx¦s¥¦­Ìªº¥¿½T¦ì¸m¡C
<P>
<P>
<HR>
<A HREF="Shadow-Password-HOWTO-6.html">Next</A>
<A HREF="Shadow-Password-HOWTO-4.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc5">Contents</A>
</BODY>
</HTML>
Shadow-Password-HOWTO-6.html0100644000014400001440000002702307110535716015413 0ustar  cwhuangusers<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=big5">
 <META NAME="GENERATOR" CONTENT="ZH-SGML-Tools 1.0.9">
 <TITLE>¦p¦ó¨ú±o¡A¦w¸Ë¡A³]©w shadow ±K½X: ¨ä¥L§A»Ý­n¤É¯Å(upgrade)©Î¸É±j(patch)µ{¦¡</TITLE>
 <LINK HREF="Shadow-Password-HOWTO-7.html" REL=next>
 <LINK HREF="Shadow-Password-HOWTO-5.html" REL=previous>
 <LINK HREF="Shadow-Password-HOWTO.html#toc6" REL=contents>
</HEAD>
<BODY>
<A HREF="Shadow-Password-HOWTO-7.html">Next</A>
<A HREF="Shadow-Password-HOWTO-5.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc6">Contents</A>
<HR>
<H2><A NAME="s6">6. ¨ä¥L§A»Ý­n¤É¯Å(upgrade)©Î¸É±j(patch)µ{¦¡</A></H2>

<P>§Y¨Ï shadow suite ¹ï¤j³¡¤À»Ý­n¦s¨ú±K½XÀɪºµ{¦¡¥i¥H¥]§t§ó·sµ{¦¡¡A¦ý¬O¤´¦³¤@¨Ç»Ý­n
¦s¨ú±K½XÀɪºÃB¥~µ{¦¡¦b¨t²Î¤¤¡C
<P>¦pªG§A¥¿°õ¦æ <EM>Debian ª©¥»</EM>  (©ÎªÌ§Y¨Ï§A¤£¬O)¡A§A¥i¥H§ä¨ì Debian »Ý­n rebuild 
ªº­ì©l½X¡G
ftp://ftp.debian.org/debian/stable/source/
<P>³o¸`³Ñ¾lªº³¡¤À¦b°Q½×§ó·s <CODE>adduser</CODE>, <CODE>wu_ftpd</CODE>, <CODE>ftpd</CODE>,
<CODE>pop3d</CODE>, <CODE>xlock</CODE>,<CODE>xdm</CODE> ©M <CODE>sudo</CODE> µ{¦¡¥H«K©óÅý³o¨Çµ{¦¡¤ä´©
shadow suite¡C
<P>½Ð¬Ý 
<A HREF="Shadow-Password-HOWTO-8.html#sec-adding">Adding Shadow Support to a C program</A> ³o¸`¡A¥D­n¬O¦b
°Q½×¦p¦ó±N shadow ¤ä´©©ñ¨ì¨ä¥L»Ý­nµ{¦¡(ÁöµM³o¨Çµ{¦¡»Ý­n¥H SUID root °õ¦æ©Î SGID shadow
»Ý¥¿½T¦s¨ú shadow ÀÉ)¡C
<P>
<H2><A NAME="ss6.1">6.1 Slackware adduser µ{¦¡</A>
</H2>

<P>Slackware ª©¥»¥]§t¤@­Ó·s¼W¨Ï¥ÎªÌªº¥æ¤¬µ{¦¡¥s°µ <CODE>/sbin/adduser</CODE>¡C¸Óµ{¦¡ªº shadow
ª©¥»¥i¥H¦b 
<A HREF="ftp://sunsite.unc.edu/pub/Linux/system/ Admin/accounts/adduser.shadow-1.4.tgz">ftp://sunsite.unc.edu/pub/Linux/system/ Admin/accounts/adduser.shadow-1.4.tar.gz</A>§ä¨ì¡C
<P>§Ú«Ü¹ªÀy§A¨Ï¥Î <EM>Shadow Suite</EM> ¨ÑÀ³ªºµ{¦¡(¨Ò¦p<CODE>useradd</CODE>, <CODE>usermod</CODE>, 
©M <CODE>userdel</CODE>) ¨Ó¨ú¥N slackware ªº<CODE>adduser</CODE> µ{¦¡¡C ¥¦­Ì¥u»Ýªá¤@ÂI®É¶¡¾Ç²ß
¡A¦ý¬O¥¦±N­È±oªº¡A¦]¬°§A¥i¥H¬Ý¨ì§ó¦h±±¨î©M¦b¥¿½T®i²{Âê¦í <CODE>/etc/passwd</CODE> ©M 
<CODE>/etc/shadow</CODE> ªºÀÉ®×(<CODE>adduser</CODE> ´N¨S¦³¿ìªkÅo)¡C
<P>
<P>°Ñ¦Ò
<A HREF="Shadow-Password-HOWTO-7.html#sec-work">Putting the Shadow Suite to use</A> ¸Ó¸`±o¨ì§ó¦h¬ÛÃö¸ê°T¡C
<P>
<P>¦ý¬O¦pªG§A¤w¸g¾Ö¦³Åo¡A±µ¤U¨Ó¬O§A­n°µªº³¡¤À¡G
<P>
<BLOCKQUOTE><CODE>
<PRE>
tar -xzvf adduser.shadow-1.4.tar.gz
cd adduser
make clean
make adduser
chmod 700 adduser
cp adduser /sbin
</PRE>
</CODE></BLOCKQUOTE>
<P>
<H2><A NAME="ss6.2">6.2 wu_ftpd Server</A>
</H2>

<P>¤j³¡¤Àªº Linux ¨t²Î³£¦³ <CODE>wu_ftpd</CODE> server¡C ¦pªG§Aªºª©¥»¨S¦³ªþ±a shadow ¦w¸Ë¡A
¨º»ò§Aªº <CODE>wu_ftpd</CODE> ´N¨S¦³¿ìªk¹ï shadow ½sĶ¡C <CODE>wu_ftpd</CODE> ¬O±q 
<CODE>inetd/tcpd</CODE> ¶}©l¥B¥H <EM>root</EM> Åv­­°õ¦æªºµ{¦¡¡C ¦pªG§A¥¿¦b¶]¤@­Óª©ªº
<CODE>wu_ftpd</CODE> daemon¡A µL½×¦p¦ó§A±N­n§ó·s¥¦¦]¬°¸ûª©¥»¦³ bug ±N¦M¤Î <EM>root</EM> 
Åv­­¡C(°Ñ¦Ò 
<A HREF="http://bach.cis.temple.edu/linux/linux-security/Linux-Security-FAQ/Linux-wu.ftpd-2.4-Update.html">Linux security home page</A>
±o¨ì§ó¦h¬ÛÃö¸ê°T)¡C
<P>
<P>©¯¹Bªº¬O§A¥u»Ý­n¨úªº¦³´O¤J shaow ªº­ì©l½X©M­«·s½sĶ´N¥i¥HÅo¡I
<P>¦pªG§A¤£¬O¥¿¦b°õ¦æ ELF ¨t²Î¡A <CODE>wu_ftp</CODE> server ¥i¥H±q Sunsite ºô§}
<A HREF="ftp://sunsite.unc.edu/pub/Linux/system/Network/file-transfer/wu-ftpd-2.4-fixed.tar.gz">wu-ftp-2.4-fixed.tar.gz</A> §ä¨ì¡C
<P>·í§AÀò±o³o­Ó server¡A§â¥¦©ñ¦b <CODE>/usr/src</CODE>¥Ø¿ý¡AµM«á¿é¤J¡G
<P>
<BLOCKQUOTE><CODE>
<PRE>
cd /usr/src
tar -xzvf wu-ftpd-2.4-fixed.tar.gz
cd wu-ftpd-2.4-fixed
cp ./src/config/config.lnx.shadow ./src/config/config.lnx
</PRE>
</CODE></BLOCKQUOTE>
<P>µM«á½s¿è <CODE>./src/makefiles/Makefile.lnx</CODE>¡A©M§ïÅÜ
<BLOCKQUOTE><CODE>
<PRE>
LIBES    = -lbsd -support
</PRE>
</CODE></BLOCKQUOTE>
 
³o¤@¦æ¨ì¡G
<BLOCKQUOTE><CODE>
<PRE>
LIBES    = -lbsd -support -lshadow
</PRE>
</CODE></BLOCKQUOTE>
<P>²{¦b§A¤w¸g·Ç³Æ¦n°õ¦æ script «Ø¥ß¸ò¦w¸Ë¡G
<P>
<BLOCKQUOTE><CODE>
<PRE>
cd /usr/src/wu-ftpd-2.4-fixed
/usr/src/wu-ftp-2.4.fixed/build lnx
cp /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd.old
cp ./bin/ftpd /usr/sbin/wu.ftpd
</PRE>
</CODE></BLOCKQUOTE>
 
<P>³o¬O¥Î¦b Linux shadow configuration file¡B½sĶ©M¦w¸Ë server¡C
<P>¦b§Úªº Slackware 2.3 ¨t²Î¡A§Ú¤]»Ý­n¦b°õ¦æ«e§@¤U¦C¨BÆJ¡G
<P><CODE>build</CODE>:
<BLOCKQUOTE><CODE>
<PRE>
cd /usr/include/netinet
ln -s in_systm.h in_system.h
cd -
</PRE>
</CODE></BLOCKQUOTE>
<P>¦b ELF ¨t²Î¤U·|¦³½sĶ°ÝÃDªº³ø§i¡A¦ý¬O¤U¤@ª©ªº Beta ª©«h¥i¥H¥¿½Tªº°õ¦æ¡C
¥i¥H±q 
<A HREF="ftp://tscnet.com/pub/linux/network/ftp/wu-ftpd-2.4.2-beta-10.tar.gz">wu-ftp-2.4.2-beta-10.tar.gz</A> §ä¨ì¡C
<P>·í§AÀò±o³o­Ó server¡A§â¥¦©ñ¦b <CODE>/usr/src</CODE>¥Ø¿ý¡AµM«á¿é¤J¡G
<BLOCKQUOTE><CODE>
<PRE>
cd /usr/src
tar -xzvf wu-ftpd-2.4.2-beta-9.tar.gz
cd wu-ftpd-beta-9
cd ./src/config
</PRE>
</CODE></BLOCKQUOTE>
<P>µM«á½s¿è <CODE>config.lnx</CODE>¡A©M§ïÅÜ¡G
<BLOCKQUOTE><CODE>
<PRE>
#undef SHADOW.PASSWORD
</PRE>
</CODE></BLOCKQUOTE>

³o¤@¦æ¨ì¡G
<BLOCKQUOTE><CODE>
<PRE>
#define SHADOW.PASSWORD
</PRE>
</CODE></BLOCKQUOTE>

µM«á¡A
<BLOCKQUOTE><CODE>
<PRE>
cd ../Makefiles
</PRE>
</CODE></BLOCKQUOTE>

¥B½s¿è <CODE>Makefile.lnx</CODE> ÀÉ©M§ïÅÜ
<P>
<BLOCKQUOTE><CODE>
<PRE>
LIBES = -lsupport -lbsd # -lshadow
</PRE>
</CODE></BLOCKQUOTE>

³o¤@¦æ¨ì¡G
<BLOCKQUOTE><CODE>
<PRE>
LIBES = -lsupport -lbsd -lshadow
</PRE>
</CODE></BLOCKQUOTE>

µM«á«Ø¥ß(build)©M¦w¸Ë(install)¡G
<BLOCKQUOTE><CODE>
<PRE>
cd ..
build lnx
cp /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd.old
cp ./bin/ftpd /usr/sbin/wu.ftpd
</PRE>
</CODE></BLOCKQUOTE>
 
<P>µù¡G§AÀ³¸ÓÀˬd§Aªº <CODE>/etc/inetd.conf</CODE> ÀɨӽT»{§Aªº wu.ftpd server ¬O¤£¬O¯uªº¬¡µÛ¡C
¦³¨Çª©¥»¥i¯à±N  server daemons ©ñ¦b¤£¦Pªº¦a¤è©Î¥Î¤£¦Pªº¦W¦rªí¥Ü¡C
<P>
<H2><A NAME="ss6.3">6.3 ¼Ð·Ç ftpd</A>
</H2>

<P>¦pªG§A¥¿¦b°õ¦æ¼Ð·Çªº <CODE>ftpd</CODE> server¡A§Ú±N«Øij§A§ó·s <CODE>wu_ftpd</CODE> server¡C
Â÷¶}¤W­zªº bug ¡A¨t²Î·|¤ñ¸û¦w¥þ¡C
<P>¦pªG§A°í«ù¦b¼Ð·Ç¼Ò¦¡¡A©ÎªÌ§A»Ý­n <EM>NIS</EM> ¤ä´©¡A¦b Sunsite  
<A HREF="ftp://sunsite.unc.edu/pub/Linux/system/Network/file-transfer/ftpd-shadow-nis.tgz">ftpd-shadow-nis.tgz</A> ¦³°Ñ¦Ò¸ê®Æ¡C
<P>
<H2><A NAME="ss6.4">6.4 pop3d (Post Office Protocol 3)</A>
</H2>

<P>¦pªG§A»Ý­n¤ä´©²Ä¤Tª© <EM>Post Office Protocol (POP3)</EM>¡A§A±N»Ý­n­«·s½sĶ <CODE>pop3d</CODE>
µ{¦¡¡C <CODE>pop3d</CODE> ¥i¥H³z¹L <CODE>inetd/tcpd</CODE> ¥H <CODE>root</CODE> Åv­­¥¿±`ªº°õ¦æ¡C
<P>±q Sunsite ¦³¨â­Óª©¥»¥i¥HÀò±o¡G 
<A HREF="ftp://sunsite.unc.edu/pub/Linux/system/Mail/pop/pop3d-1.00.4.linux.shadow.tar.gz">pop3d-1.00.4.linux.shadow.tar.gz</A>
©M
<A HREF="ftp://sunsite.unc.edu/pub/Linux/system/Mail/pop/pop3d+shadow+elf.tar.gz">pop3d+shadow+elf.tar.gz</A><P>³o¨â­Ó³£«Ü²³æ¥i¥H¦w¸Ë¡C
<P>
<H2><A NAME="ss6.5">6.5 xlock</A>
</H2>

<P>
<P>¦pªG§A¦w¸Ë shadow suite¡AµM«á°õ¦æ <EM>X Windows System</EM> ©M  
lock ¿Ã¹õ¨S¥H§ó·s§Aªº <CODE>xlock</CODE> ÀÉ¡A §A±N¥²¶·¨Ï¥Î <CODE>CNTL-ALT-Fx</CODE> ¥h¤Á´«
¥t¤@­Ó <EM>tty</EM>¡Añ¤J(login)©M±þ±¼(kill) <CODE>xlock</CODE> process 
(©Î¨Ï¥Î <CODE>CNTL-ALT-BS</CODE> ±þ±¼ X server)¡C
«Ü©¯¹Bªº³o¤]«Ü®e©ö¥i¥H§ó·s§Aªº <CODE>xlock</CODE> µ{¦¡¡C
<P>¦pªG§A¥¿°õ¦æ XFree86 Versions 3.x.x¡A¥B¥¿¥¿½T¨Ï¥Î
<CODE>xlockmore</CODE> (¬O¤@­Ó«Ü´Îªº¿Ã¹õ«OÅ@µ{¦¡).
³o­Ó®M¥ó¤ä´© <EM>shadow</EM>¡A¥u­n­«·s½sĶ§Y¥i¡C¦pªG§A¦³¥ô¦ó¸û¦Ñªº <CODE>xlock</CODE>
ª©¥»¡A§Ú«Øij§A§ó·s¤U¦Cª©¥»¡G
<P><CODE>xlockmore-3.5.tgz</CODE> ¥i¥H±q
<A HREF="ftp://sunsite.unc.edu/pub/Linux/X11/xutils/screensavers/xlockmore-3.7.tgz">ftp://sunsite.unc.edu/pub/Linux/X11/xutils/screensavers/xlockmore-3.7.tgz</A>
ºô¯¸Àò±o¡C
<P>°ò¥»¤W³o¬O§A©Ò­nªº¡C
<P>Â^¨ú <CODE>xlockmore-3.7.tgz</CODE> ¡A¨Ã±N¥¦©ñ¦b <CODE>/usr/src</CODE> ¥Ø¿ý¨Ã¸ÑÀ£ÁY¡G
<BLOCKQUOTE><CODE>
<PRE>
tar -xzvf xlockmore-3.7.tgz
</PRE>
</CODE></BLOCKQUOTE>
<P>½s¿è³o­ÓÀÉ¡G <CODE>/usr/X11R6/lib/X11/config/linux.cf</CODE>, ©M§ïÅÜ
<BLOCKQUOTE><CODE>
<PRE>
#define HasShadowPasswd    NO

³o¤@¦æ¨ì¡G

#define HasShadowPasswd    YES
</PRE>
</CODE></BLOCKQUOTE>
<P>µM«á«Ø¥ß¥i°õ¦æÀÉ¡G
<BLOCKQUOTE><CODE>
<PRE>
cd /usr/src/xlockmore
xmkmf
make depend
make
</PRE>
</CODE></BLOCKQUOTE>
<P>µM«á·h²¾©Ò¥HÀɮר쥿½T¥Ø¿ý¥B§ó·sÀÉ®×¾Ö¦³ªÌ¤Î°õ¦æÅv­­¡G
<P>
<BLOCKQUOTE><CODE>
<PRE>
cp xlock /usr/X11R6/bin/
cp XLock /var/X11R6/lib/app-defaults/
chown root.shadow /usr/X11R6/bin/xlock
chmod 2755 /usr/X11R6/bin/xlock
chown root.shadow /etc/shadow
chmod 640 /etc/shadow
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>§Aªº xlock ±N¥i¥H¥¿½Tªº¹B§@Åo¡I
<P>
<H2><A NAME="ss6.6">6.6 xdm</A>
</H2>

<P><CODE>xdm</CODE> ¬O¤@­Ó¥i¥Hªí¥Ü¦b X-Windows ñ¤Jµe­±ªºµ{¦¡¡C¬Y¨Ç¨t²Î¶}©l <CODE>xdm</CODE> 
·í¨t²Î³Q§iª¾¹D¤@­Ó¯S©wªº°õ¦æ¤ô·Ç(°Ñ¦Ò <CODE>/etc/inittab</CODE>)¡C
<P>
<P>¦ñÀHµÛ <EM>Shadow Suite</EM> ¦w¸Ë¡A <CODE>xdm</CODE> »Ý­n³Q§ó·s¡C
«Ü©¯¹Bªº³o¤]«Ü®e©ö¥i¥H§ó·s§Aªº <CODE>xdm</CODE> µ{¦¡¡C
<P>
<P>
<P><CODE>xdm.tar.gz</CODE> ¥i¥H±q¤U¦Cºô§}Àò±o¡G
<A HREF="ftp://sunsite.unc.edu/pub/Linux/X11/xutils/xdm.tar.gz">ftp://sunsite.unc.edu/pub/Linux/X11/xutils/xdm.tar.gz</A><P>Â^¨ú <CODE>xdm.tar.gz</CODE> ÀɨñN¥¦©ñ¦b <CODE>/usr/src</CODE>¥Ø¿ýµM«á¸ÑÀ£ÁY¡G
<BLOCKQUOTE><CODE>
<PRE>
tar -xzvf xdm.tar.gz
</PRE>
</CODE></BLOCKQUOTE>
<P>½s¿è³o­ÓÀÉ¡G <CODE>/usr/X11R6/lib/X11/config/linux.cf</CODE>¡A¥B§ïÅÜ
<BLOCKQUOTE><CODE>
<PRE>
#define HasShadowPasswd    NO

³o¤@¦æ¨ì¡G

#define HasShadowPasswd    YES
</PRE>
</CODE></BLOCKQUOTE>
<P>µM«á«Ø¥ß¥i°õ¦æÀÉ¡G
<BLOCKQUOTE><CODE>
<PRE>
cd /usr/src/xdm
xmkmf
make depend
make
</PRE>
</CODE></BLOCKQUOTE>
<P>µM«á·h²¾©Ò¦³ÀÉ®×¥¿½T¥Ø¿ý¡G
<BLOCKQUOTE><CODE>
<PRE>
cp xdm /usr/X11R6/bin/
</PRE>
</CODE></BLOCKQUOTE>
<P><CODE>xdm</CODE> ¥H <EM>root</EM> Åv­­¦b°õ¦æ¡A©Ò¥H§A¤£»Ý­n§ïÅÜÀɮצs¨úÅv­­¡C
<P>
<P>
<H2><A NAME="ss6.7">6.7 sudo</A>
</H2>

<P><CODE>sudo</CODE> µ{¦¡¤¹³\¨t²ÎºÞ²z­ûÅý¨Ï¥ÎªÌ¥i¥H¥H root Åv­­¥¿±`ªº°õ¦æµ{¦¡¡C
³o¬O«D±`¤è«Kªº¦]¬°¥¦¥i¥H­­¨îºÞ²zªÌ°õ¦æ root ±b¸¹¥»¨­Åv­­¡AÁÙ¥i¥H¤¹³\¨Ï¥ÎªÌ§@
¹³ mounte drives ªº¨Æ±¡¡C
<P><CODE>sudo</CODE> »Ý­nŪ¨ú±K½X¦]¬°¦b°õ¦æ®É»Ý½T»{¨Ï¥ÎªÌ±K½X¡C <CODE>sudo</CODE> ¤w¸g°õ¦æ SUID root¡A
©Ò¥H¦s¨ú <CODE>/etc/shadow</CODE> ÄÒ¤£¬O°ÝÃD¡C
<P><CODE>sudo</CODE> ¤ä´© shadow suite ¥i¦b¤U¦Cºô§}¨ú±o¡G
<A HREF="ftp://sunsite.unc.edu/pub/Linux/system/Admin/sudo-1.2-shadow.tgz">ftp://sunsite.unc.edu/pub/Linux/system/Admin/sudo-1.2-shadow.tgz</A><P><EM>ĵ§i</EM>¡G·í§A¦w¸Ë <CODE>sudo</CODE> §Aªº <CODE>/etc/sudoers</CODE> ÀɱN¨ú¥N¹w³]­È¡A©Ò¥H§A
»Ý­n³Æ¥÷­ì©lµ{¦¡¡C¦pªG§A¦³®a¥ô¦ó³]©w¦b¹w³]µ{¦¡¡A§A¥i¯à­n½s¿è Makefile ¥B²¾°£½Æ»s¸ÓÀɨì
<CODE>/etc</CODE> ªº³o¦æ¡C
<P>
<P>¸Ó®M¥ó¤w¸g¹ï shadow ¶i¦æ³]©w¡A©Ò¥H¥u­n­«·s½sĶ¸Ó®M¥ó§Y¥i (§â¥¦©ñ¦b <CODE>/usr/src</CODE> ¥Ø¿ý)¡G
<BLOCKQUOTE><CODE>
<PRE>
cd /usr/src
tar -xzvf sudo-1.2-shadow.tgz
cd sudo-1.2-shadow
make all
make install
</PRE>
</CODE></BLOCKQUOTE>
<P>
<H2><A NAME="ss6.8">6.8 imapd (E-Mail [pine package])</A>
</H2>

<P><CODE>imapd</CODE> ¬O¤@­Ó¹³ <CODE>pop3d</CODE> ªº email server¡C 
<CODE>imapd</CODE> ÀHµÛ <EM>Pine E-mail</EM> ®M¥óµo¥Í¡C ¨ä¾Þ§@¤â¥U¦b¤¶²Ð¸Ó®M¥ó®É§Y¥]§t
shadow ¤ä´©¡CµM¦Ó¡A§Úµo²{³o¤£¥þµM¥¿½T¡C ¦A¥[¤W¦b½sĶ®É¥[¤W  <CODE>libshadow.a</CODE> ¨ç¦¡®w
©M¸Ó®M¥óµ²¦X build script / Makefile ¬O«D±`¤£®e©öªº¡C©Ò¥H¹ï <CODE>imapd</CODE> ¥[¤J shadow
¤ä´©¬O¤£¤Ó¥i¯àªº¡C
<P>
<P>¦pªG¦³¥ô¦óµª®×¡A¥i¥H Email µ¹§Ú¡A§Ú·|±N¸Ó¸Ñµª©ñ¨ì³o¸Ì¡C
<P>
<H2><A NAME="ss6.9">6.9 pppd (Point-to-Point Protocol Server)</A>
</H2>

<P>pppd server ¥i¥H¨Ï¥Î´XºØÅv­­³]©w¡G
<EM>Password Authentication Protocol</EM> (PAP) ©M <EM>Cryptographic
Handshake Authentication Protocol</EM> (CHAP)¡C   pppd server ±q
<CODE>/etc/ppp/chap-secrets</CODE> ©M/©Î <CODE>/etc/ppp/pap-secrets</CODE> ÀÉŪ¨ú±K½X¦r¦ê¡C
¦pªG§A¥¿¨Ï¥Î¹w³] pppd ªº°õ¦æ¡A´N¨S¦³¥²­n¦A­«·s¦w¸Ë pppd ¡C
<P>pppd ¥H¤¹³\§A¨Ï¥Î <EM>login</EM> °Ñ¼Æ¡C ¦pªG <EM>login</EM> ¿ï¶µ³Q¿ï¨ú¡A
pppd ±N¨Ï¥Î <CODE>/etc/passwd</CODE> Àɪº±b¸¹±K½Xµ¹ <EM>PAP</EM>. ·íµM¦b¤£¤[±K½XÀÉ·|¬O 
shadowedm¡Cpppd-1.2.1d Àɤw¸g¥[¤J¹ï shadow ªº¤ä´©¡C
<P>
<P>¤U¤@¸`¥[¤J¤ä´© shadow ªº½d¨Ò¬O°w¹ï
<CODE>pppd-1.2.1d</CODE> (¤@­Ó¸û¦Ñª©¥»ªº pppd).
<P><CODE>pppd-2.2.0</CODE> ª©´N¤w¸g¥]¬A shadow ¤ä´©Åo¡C
<P>
<HR>
<A HREF="Shadow-Password-HOWTO-7.html">Next</A>
<A HREF="Shadow-Password-HOWTO-5.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc6">Contents</A>
</BODY>
</HTML>
Shadow-Password-HOWTO-7.html0100644000014400001440000003270007110535716015412 0ustar  cwhuangusers<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=big5">
 <META NAME="GENERATOR" CONTENT="ZH-SGML-Tools 1.0.9">
 <TITLE>¦p¦ó¨ú±o¡A¦w¸Ë¡A³]©w shadow ±K½X: ±N Shadow Suite ©ñ¶i¨Ó¨Ï¥Î¡C</TITLE>
 <LINK HREF="Shadow-Password-HOWTO-8.html" REL=next>
 <LINK HREF="Shadow-Password-HOWTO-6.html" REL=previous>
 <LINK HREF="Shadow-Password-HOWTO.html#toc7" REL=contents>
</HEAD>
<BODY>
<A HREF="Shadow-Password-HOWTO-8.html">Next</A>
<A HREF="Shadow-Password-HOWTO-6.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc7">Contents</A>
<HR>
<H2><A NAME="sec-work"></A> <A NAME="s7">7. ±N Shadow Suite ©ñ¶i¨Ó¨Ï¥Î¡C</A></H2>

<P>³o¸`´y­z§A»Ý­nª¾¹D¦³¨Çµ{¦¡¦b¦w¸Ë®É´N¤w¸g¦³ <EM>Shadow Suite</EM>¡C
¤j³¡¤Àªº¸ê°T¦b¾Þ§@¤â¥U¥i¥H§ä¨ì¡C
<P>
<H2><A NAME="ss7.1">7.1 ·s¼W¡B­×§ï©M§R°£¨Ï¥ÎªÌ</A>
</H2>

<P><EM>Shadow Suite</EM> ·s¼W¤U¦C«ü¥O¥Î¨Ó·s¼W¡B­×§ï©M§R°£¨Ï¥ÎªÌ¡C ³o¤]¬O¥i¥H¦w¸Ë
<CODE>adduser</CODE> µ{¦¡¡C
<P>
<H3>useradd</H3>

<P><CODE>useradd</CODE> ¨Ï¥O¥i¥Î¦b¨t²Î¤¤·s¼W¨Ï¥ÎªÌ¡C §A¤]¥i¥H±Ä¥Î¦¹«ü¥O¨Ó§ïÅܹw³]¦r¦ê¡C
<P>§AÀ³¸Ó°µªº²Ä¤@¥ó¨Æ¬OÀˬd¹w³]­È³]©w©M°w¹ï§Aªº¨t²Î¶i¦æ§ïÅÜ¡G
<BLOCKQUOTE><CODE>
<PRE>
useradd -D
</PRE>
</CODE></BLOCKQUOTE>
<HR>
<PRE>
GROUP=1
HOME=/home
INACTIVE=0
EXPIRE=0
SHELL=
SKEL=/etc/skel
</PRE>
<HR>
<P>¹w³]­È¤£¥þ¬O§A­nªº¡A©Ò¥H¦pªG§A¶}©l·s¼W¨Ï¥ÎªÌ¡A§A¥²¶·¸Ô¾\¨C­Ó¨Ï¥ÎªÌ¸ê°T¡C
¦Ó¥B¡A§Ú­Ì¥i¯à©MÀ³¸Ó§ïÅܳ]©w­È¡C
<P>¦b§Úªº¨t²Î¤W¡G
<UL>
<LI>§Ú­n¹w³]¸s²Õ¬O 100</LI>
<LI>§Ú­n±K½X¨C¨ì 60 ¤Ñ´N¨ì´Á</LI>
<LI>§Ú¤£­nÂê¦í±b¸¹¦]¬°±K½X·|¨ì´Á</LI>
<LI>§Ú­n¹w³] shell ¬O <CODE>/bin/bash</CODE></LI>
</UL>

¬°¤F³o¨Ç§ïÅÜ¡A§Ú­n¨Ï¥Î¡G
<BLOCKQUOTE><CODE>
<PRE>
useradd -D -g100 -e60 -f0 -s/bin/bash
</PRE>
</CODE></BLOCKQUOTE>
 
<P>²{¦b°õ¦æ <CODE>useradd -D</CODE> ±N±o¨ì¡G
<HR>
<PRE>
GROUP=100
HOME=/home
INACTIVE=0
EXPIRE=60
SHELL=/bin/bash
SKEL=/etc/skel
</PRE>
<HR>
<P>
<P>¾¨ºÞ¨Ì·Ó§A»Ý­n­×§ï¡A¹w³]­È±N¦s¦b <CODE>/etc/default/useradd</CODE>.
<P>¥ý¦b§A¥i¥H¨Ï¥Î <CODE>useradd</CODE> ¨Ó·s¼W¨t²Î¨Ï¥ÎªÌ¡CÁ|¨Ò»¡©ú¡A·s¼W¤@¨Ï¥ÎªÌ <CODE>fred</CODE>
¨Ï¥Î¹w³]­È¤è¦¡¦p¤U¡G
<BLOCKQUOTE><CODE>
<PRE>
useradd -m -c "Fred Flintstone" fred
</PRE>
</CODE></BLOCKQUOTE>
<P>³o±N¦b <CODE>/etc/passwd</CODE> Àɤ¤ªº¤@¦æ«Ø¥ß¦p¤U¡G
<BLOCKQUOTE><CODE>
<PRE>
fred:*:505:100:Fred Flintstone:/home/fred:/bin/bash
</PRE>
</CODE></BLOCKQUOTE>

¥B¦b <CODE>/etc/shadow</CODE> Àɤ¤ªº¤@¦æ«Ø¥ß¦p¤U¡F
<BLOCKQUOTE><CODE>
<PRE>
fred:!:0:0:60:0:0:0:0
</PRE>
</CODE></BLOCKQUOTE>

<CODE>fred</CODE>ªº®Ú¥Ø¿ý±N³Q«Ø¥ß¥B <CODE>/etc/skel</CODE> ªº¤º®e±N³Q½Æ»s¦]¬°«ü¥O¥y¤¤¦³
<CODE>-m</CODE> ³]©w¡C
<P>¦]¬°§Ú­Ì¨Ã¥¼¸Ô­z UID¡A¨t²Î·|ª½±µ´M§ä¤U¤@­Ó¥iÀò±oªº½s¸¹¡C
<P><CODE>fred</CODE>ªº±b¸¹³Q«Ø¥ßÅo¡A¦ý¬O <CODE>fred</CODE> ¤´µM¤£¯àñ¤Jª½¨ì§Ú­Ì¤£¦AÂê¦í(unlock)³o­Ó±b¸¹¡C
³z¹L§ó§ï±K½X§¹¦¨ unlock ±b¸¹¡A¤èªk¦p¤U¡G
<P>
<BLOCKQUOTE><CODE>
<PRE>
passwd fred
</PRE>
</CODE></BLOCKQUOTE>

<HR>
<PRE>
Changing password for fredó
Enter the new password (minimum of 5 characters)
Please use a combination of upper and lower case letters and numbers.
New Password: *******
Re-enter new password: *******
</PRE>
<HR>

²{¦b <CODE>/etc/shadow</CODE> ÀɱN¥]§t¡G
<BLOCKQUOTE><CODE>
<PRE>
fred:J0C.WDR1amIt6:9559:0:60:0:0:0:0
</PRE>
</CODE></BLOCKQUOTE>

¥B <CODE>fred</CODE> ±N¥i¥Hñ¤J©M¨Ï¥Î¸Ó¨t²Î¡C 
<CODE>useradd</CODE> ©M¨ä¥Lªþ±a <EM>Shadow Suite</EM> ¤ñ¸û¦nªº¦a¤è¬O¥i¥H¦Û°Ê§ïÅÜ
<CODE>/etc/passwd</CODE> ©M <CODE>/etc/shadow</CODE> ¡C ©Ò¥H¦pªG§A¥¿¦b·s¼W¤@­Ó¨Ï¥ÎªÌ¡A
¥B¥t¤@­Ó¨Ï¥ÎªÌ¥¿¦b§ó§ï±K½X¡A³o¨â­Ó¾Þ§@³£¥i¥H¥¿½Tªº°õ¦æ¡C
<P>§A¨Ï¥Î´£¨Ñªº«ü¥O¤ñª½±µ¦s¨ú <CODE>/etc/passwd</CODE> ©M <CODE>/etc/shadow</CODE> ÀÉÁÙ¦n¡C  
¦pªG§A¥¿½s¿è <CODE>/etc/shadow</CODE> ÀÉ¡A¥B¦³­Ó¨Ï¥ÎªÌ¦b§A½s¿è®É­n§ïÅÜ¥Lªº±K½X¡A
µM«á§AÀx¦s½s¿èµ²ªG¡A³o­Ó¨Ï¥ÎªÌªº±K½X±N·|¿ò¥¢±¼¡C
<P>³o¸Ì¬O¨Ï¥Î <CODE>useradd</CODE> ©M <CODE>passwd</CODE> ·s¼W¨Ï¥ÎªÌªº¤@¨Ç interactive script ¡G
<HR>
<PRE>
#!/bin/bash
#
# /sbin/newuser - A script to add users to the system using the Shadow
#                 Suite's useradd and passwd commands.
#
# Written my Mike Jackson &lt;mhjack@tscnet.com> as an example for the Linux
# Shadow Password Howto.  Permission to use and modify is expressly granted.
#
# This could be modified to show the defaults and allow modification similar
# to the Slackware Adduser program.  It could also be modified to disallow
# stupid entries.  (i.e. better error checking).
#
##
#  Defaults for the useradd command
##
GROUP=100        # Default Group
HOME=/home       # Home directory location (/home/username)
SKEL=/etc/skel   # Skeleton Directory
INACTIVE=0       # Days after password expires to disable account (0=never)
EXPIRE=60        # Days that a passwords lasts
SHELL=/bin/bash  # Default Shell (full path)
##
#  Defaults for the passwd command
##
PASSMIN=0        # Days between password changes
PASSWARN=14      # Days before password expires that a warning is given
##
#  Ensure that root is running the script.
##
WHOAMI=`/usr/bin/whoami`
if [ $WHOAMI != "root" ]; then
        echo "You must be root to add news users!"
        exit 1
fi
##
#  Ask for username and fullname.
##
echo ""
echo -n "Username: "
read USERNAME
echo -n "Full name: "
read FULLNAME
#
echo "Adding user: $USERNAME."
#
# Note that the "" around $FULLNAME is required because this field is
# almost always going to contain at least on space, and without the "'s
# the useradd command would think that you we moving on to the next
# parameter when it reached the SPACE character.
#
/usr/sbin/useradd -c"$FULLNAME" -d$HOME/$USERNAME -e$EXPIRE \
        -f$INACTIVE -g$GROUP -m -k$SKEL -s$SHELL $USERNAME
##
#  Set password defaults
##
/bin/passwd -n $PASSMIN -w $PASSWARN $USERNAME >/dev/null 2>&amp;1
##
#  Let the passwd command actually ask for password (twice)
##
/bin/passwd $USERNAME
##
#  Show what was done.
##
echo ""
echo "Entry from /etc/passwd:"
echo -n "   "
grep "$USERNAME:" /etc/passwd
echo "Entry from /etc/shadow:"
echo -n "   "
grep "$USERNAME:" /etc/shadow
echo "Summary output of the passwd command:"
echo -n "   "
passwd -S $USERNAME
echo ""
</PRE>
<HR>
 
<P>·s¼W¨Ï¥ÎªÌ¬O¥Î script ¤ñª½±µ½s¿è <CODE>/etc/passwd</CODE> / <CODE>/etc/shadow</CODE> ÀɩΨϥÎ
¹³ Slackware ªº <CODE>adduser</CODE> µ{¦¡ÁÙ­n¦n¡C 
<P>»Ý­n§ó¦h <CODE>useradd</CODE> ¸ê°T½Ð°Ñ·Ó½u¤W¾Þ§@¤â¥U¡C
<P>
<H3>usermod</H3>

<P><CODE>usermod</CODE> µ{¦¡¬O¥Î¦b­×§ï¨Ï¥ÎªÌ¸ê°T¡C
¥¦ªº°Ñ¼Æ¨Ï¥Î©M <CODE>useradd</CODE> µ{¦¡Ãþ¦ü¡C 
<P>¦pªG§A­n§ó·s <CODE>fred</CODE> ªº shell¡A§A­n§@¤U¦C¨BÆJ¡G
<BLOCKQUOTE><CODE>
<PRE>
usermod -s /bin/tcsh fred
</PRE>
</CODE></BLOCKQUOTE>
<P>²{¦b <CODE>fred</CODE> ªº <CODE>/etc/passwd</CODE> ÀɱNÅܦ¨¡G
<BLOCKQUOTE><CODE>
<PRE>
fred:*:505:100:Fred Flintstone:/home/fred:/bin/tcsh
</PRE>
</CODE></BLOCKQUOTE>

¦pªG­n¨Ï <CODE>fred</CODE> ªº±b¸¹¨ì´Á¤é¬° 09/15/97¡G
<BLOCKQUOTE><CODE>
<PRE>
usermod -e 09/15/97 fred
</PRE>
</CODE></BLOCKQUOTE>

²{¦b <CODE>fred</CODE> ¦b <CODE>/etc/shadow</CODE> ªºÄæ¦ìÅܦ¨¡G
<BLOCKQUOTE><CODE>
<PRE>
fred:J0C.WDR1amIt6:9559:0:60:0:0:10119:0
</PRE>
</CODE></BLOCKQUOTE>
<P>»Ý­n§ó¦h <CODE>usermod</CODE> ¸ê°T½Ð°Ñ·Ó½u¤W¾Þ§@¤â¥U¡C
<P>
<H3>userdel</H3>

<P><CODE>userdel</CODE> ¥Î¦b§R°£¨Ï¥ÎªÌ¡A¨Ï¥Î¤èªk¬°¡G
<BLOCKQUOTE><CODE>
<PRE>
userdel -r username
</PRE>
</CODE></BLOCKQUOTE>

<CODE>-r</CODE> °Ñ¼Æ¥i¥H±N¸Ó¨Ï¥ÎªÌ®Ú¥Ø¿ý¥þ³¡²¾°£¡C¦ì¦b´Á«Ý¥Ø¿ýªºÀɮ׫h»Ý¤â°Ê²¾°£¡C
<P>¦pªG§A¥u¬O­n²³æªºÂê¦í±b¸¹¦Ó¨S¦³­n§R°£¥¦¡A«Øij§A¨Ï¥Î <CODE>passwd</CODE> «ü¥O¡C
<P>
<H2><A NAME="ss7.2">7.2 passwd «ü¥O©M passwd ¦Ñ¤Æ</A>
</H2>

<P><CODE>passwd</CODE> «ü¥O«Ü©úÅã¨Ï¥Î¦b§ïÅܱK½X¡A°£¦¹¤§¥~¡A
¥i¥Ñ <EM>root</EM> ¨Ï¥Î¦b¡G
<UL>
<LI>Lock ©M unlock ±b¸¹ (<CODE>-l</CODE> and <CODE>-u</CODE>)</LI>
<LI>³]©w±K½X¦Xªkªº³Ì¤j¤Ñ¼Æ
(<CODE>-x</CODE>)</LI>
<LI>³]©w±K½X§ïÅܶ¡ªº³Ì¤p¤Ñ¼Æ (<CODE>-n</CODE>)</LI>
<LI>³]©w±K½X¨ì´ÁªºÄµ§i¤Ñ¼Æ
(<CODE>-w</CODE>)</LI>
<LI>³]©w¦b±b¸¹¥¼³QÂꦺ±K½X¨ì´Á«áªºÄµ§i¤Ñ¼Æ (<CODE>-i</CODE>)</LI>
<LI>¤¹³\¬d¸ß±b¸¹¸ê°T (<CODE>-S</CODE>)</LI>
</UL>
<P>Á|¨Ò»¡©ú¡A¦pªG­nÂꦺ <CODE>fred</CODE> ±b¸¹¡G
<BLOCKQUOTE><CODE>
<PRE>
passwd -S fred
fred P 03/04/96 0 60 0 0
</PRE>
</CODE></BLOCKQUOTE>

³oªí¥Ü <CODE>fred</CODE> ªº±K½X¬O¦³®Äªº¡A¥¦¦b 03/04/96 ³Q­×§ï¥B¥ô¦ó®É¶¡³£¥i³Q­×§ï
¡A fred ±N¤£·|¦¬¨ìĵ§i¥B±b¸¹±N¤£·|¦]±K½X¨ì´Á¦ÓÃö³¬¡C
<P>
<P>³oªí¥Ü¦pªG <CODE>fred</CODE> ¦b±K½X¨ì´Á«áñ¤J¡A¥¦±N³Q­n¨D¥Î¤@­Ó·s±K½Xñ¤J¡C
<P>
<P>¦pªG§Ú­Ì¨M©w­nĵ§i <CODE>fred</CODE> ¦b±K½X¹L´Á«e 14 ¤Ñ¡A¥BÅý¥¦ªº±b¸¹¦b¨ì´Á«á14¤Ñĵ§i¡A
§Ú­Ì»Ý­n§@¤U¦C¨BÆJ¡G
<P>
<BLOCKQUOTE><CODE>
<PRE>
passwd -w14 -i14 fred
</PRE>
</CODE></BLOCKQUOTE>

²{¦b <CODE>fred</CODE> §ïÅܬ°¡G
<BLOCKQUOTE><CODE>
<PRE>
fred P 03/04/96 0 60 14 14
</PRE>
</CODE></BLOCKQUOTE>

»Ý­n§ó¦h <CODE>passwd</CODE> ¸ê°T½Ð°Ñ·Ó½u¤W¾Þ§@¤â¥U¡C
<P>
<H2><A NAME="ss7.3">7.3 login.defs ÀÉ</A>
</H2>

<P><CODE>/etc/login</CODE> ÀɬO¹ï <CODE>login</CODE> µ{¦¡ªº configuration file ¥B ¹ï
<EM>Shadow Suite</EM>¡C
<P><CODE>/etc/login</CODE> ¥]§t±q¹w³]­È±K½X§ïÅܪºÅX°Ê³]©w¡C
<P><CODE>/etc/login.defs</CODE> ÀɬO¤@­Ó«Ü¦nªº¤å¥óÀÉ¡AµM¦Ó¤´¦³¨Ç¨Æ±¡­nª`·N¡G
<P>
<UL>
<LI>It contains flags that can be turned on or off that determine the
amount of logging that takes place.</LI>
<LI>It contains pointers to other configuration files.</LI>
<LI>It contains defaults assignments for things like password aging.</LI>
</UL>
<P>¸ò¥h¤W­z§A¥i¥Hµo²{³o¬O¤@­Ó­«­nÀÉ¡A¥B§AÀ³¸Ó½T»{¥Ø«e³]©w¤Î§A±N¹ï§A¨t²Îªº³]©w¤º®e¡C
<P>
<H2><A NAME="ss7.4">7.4 ¸s²Õ±K½X</A>
</H2>

<P><CODE>/etc/groups</CODE> ÀÉ¥]¬A¤¹³\¬O¥ÎªÌ¦s¨ú¸s²Õ¤§±K½X¡C ¦pªG§A©w¸q
<CODE>SHADOWGRP</CODE> ¦b <CODE>/usr/src/shadow-YYMMDD/config.h</CODE> ÀɱN¶}±Ò¸Ó¥\¯à¡C
<P>¦pªG§A©w¸q¸Ó±`¼Æ¥B½sĶ¥¦¡A§A»Ý«Ø¥ß¤@­Ó <CODE>/etc/gshadow</CODE> ÀɨӫO¦s¸s²Õ±K½X
©M¸s²ÕºÞ²zªÌ¸ê°T¡C
<P>
<P>·í§A«Ø¥ß <CODE>/etc/shadow</CODE>¡C§A¨Ï¥Î¤@­Ó©I¥sµ{¦¡¥s°µ <CODE>pwconv</CODE>¡A
¸Óµ{¦¡¤£·|«Ø¥ß <CODE>/etc/gshadow</CODE> ÀÉ¡A¦ý¬O³o¨SÃö«Y¡A¥u­n§A¦Û¦æ«Ø¥ß§Y¥i¡C
<P>
<P>¬°¤F«Ø¥ß°_©l <CODE>/etc/gshadow</CODE> ÀÉ­n°õ¦æ¤U¦C¨BÆJ¡G
<BLOCKQUOTE><CODE>
<PRE>
touch /etc/gshadow
chown root.root /etc/gshadow
chmod 700 /etc/gshadow
</PRE>
</CODE></BLOCKQUOTE>
<P>¨C¦¸§A«Ø¥ß¤@­Ó·s¸s²Õ¡A¥¦­Ì·|³Q¥[¨ì <CODE>/etc/group</CODE> ©M <CODE>/etc/gshadow</CODE> ÀÉ¡C
¦pªG§A³z¹L·s¼W©Î²¾°£¨Ï¥ÎªÌ¨Ó­×§ï¸s²Õ©Î§ïÅܸs²Õ±K½X¡A<CODE>/etc/gshadow</CODE> Àɳ£±N³Q§ïÅÜ¡C
<P>
<P><CODE>groups</CODE>, <CODE>groupadd</CODE>, <CODE>groupmod</CODE>, ©M 
<CODE>groupdel</CODE> µ{¦¡¬O¥Î¨Ó¨ÑÀ³  <EM>Shadow Suite</EM> ³¡¤À¥i¥HÅܧó¸s²Õ¡C
<P><CODE>/etc/group</CODE> Àɮ榡¦p¤U¡G
<BLOCKQUOTE><CODE>
<PRE>
groupname:!:GID:member,member,...
</PRE>
</CODE></BLOCKQUOTE>

¨ä¤¤¡G
<DL>
<DT><B><CODE>groupname</CODE></B><DD><P>The name of the group
<DT><B><CODE>!</CODE></B><DD><P>The field that normally holds the password, but that
is now relocated to the <CODE>/etc/gshadow</CODE> file.
<DT><B><CODE>GID</CODE></B><DD><P>The numerical group ID number
<DT><B><CODE>member</CODE></B><DD><P>List of group members
</DL>
<P><CODE>/etc/gshadow</CODE> Àɮ榡¦p¤U¡G
<BLOCKQUOTE><CODE>
<PRE>
groupname:password:admin,admin,...:member,member,...
</PRE>
</CODE></BLOCKQUOTE>

¨ä¤¤¡G
<DL>
<DT><B><CODE>groupname</CODE></B><DD><P>The name of the group
<DT><B><CODE>password</CODE></B><DD><P>The encoded group password.
<DT><B><CODE>admin</CODE></B><DD><P>List of group administrators 
<DT><B><CODE>member</CODE></B><DD><P>List of group members
</DL>
<P><CODE>gpasswd</CODE> «ü¥O¬O¥Î¦b·s¼W©Î²¾°£ºÞ²zªÌ©M¸s²Õ¦¨­û¡C <CODE>root</CODE> ©Î¨ä¥L¦b
¸s²ÕºÞ²zªÌ¤H­û¥i·s¼W©Î²¾°£¸s²Õ¦¨­û¡C
<P>¸s²Õ±K½X¥i¥H³z¹L <CODE>passwd</CODE> «ü¥O§ïÅÜ¡A»Ý³z¹L 
<EM>root</EM> ©Î¦b¸Ó¸s²ÕºÞ²zªÌ¦³Åv­­ªº±b¸¹¤è¥i­×§ï¡C
<P>Despite the fact that there is not currently a manual page for
<CODE>gpasswd</CODE>, typing <CODE>gpasswd</CODE> without any parameters gives a
listing of options.  It's fairly easy to grasp how it all works once you
understand the file formats and the concepts.
<P>
<P>
<H2><A NAME="ss7.5">7.5 Àˬdµ{¦¡¤@­P©Ê</A>
</H2>

<P>
<P>
<H3>pwck</H3>

<P><CODE>pwck</CODE> µ{¦¡´£¨Ñ¦b <CODE>/etc/passwd</CODE> ©M <CODE>/etc/shadow</CODE> Àɪº¤@­P©ÊÀˬd¡C
¥¦±NÀˬd¨C­Ó¨Ï¥ÎªÌ¦WºÙ¥B¨Ì·Ó¤U¦C¨BÆJ½T»{¡G
<P>
<UL>
<LI>the correct number of fields</LI>
<LI>unique user name</LI>
<LI>valid user and group identifier</LI>
<LI>valid primary group</LI>
<LI>valid home directory</LI>
<LI>valid login shell</LI>
</UL>
<P>¥¦¤]·|ĵ§i¨S¦³±K½Xªº±b¸¹¡C
<P>¦b¦w¸Ë <EM>Shadow Suite</EM> «á°õ¦æ <CODE>pwck</CODE> ¬O¤@­Ó«Ü¦nªºÂI¤l¡C
¥¦¤]¥i¥H¨C¶g©Î¨C¤ë¶g´Á©Êªº°õ¦æ¡C ¦pªG§A¨Ï¥Î <CODE>-r</CODE> °Ñ¼Æ¡A§A¥i¥H¥Î <CODE>cron</CODE> 
¨Ó°õ¦æ¥B¦¬¨ì¹q¤l¶l¥ó³ø§i
<P>
<H3>grpck</H3>

<P><CODE>grpck</CODE> Àˬd <CODE>/etc/group</CODE> ©M <CODE>/etc/gshadow</CODE> Àɤ@­P©Êªºµ{¦¡¡C
¥¦§@¤U¦CÀˬd¡G
<UL>
<LI>the correct number of fields</LI>
<LI>unique group name</LI>
<LI>valid list of members and administrators</LI>
</UL>
<P>¥¦¤]¦³ <CODE>-r</CODE> °Ñ¼Æ¦Û°Ê²£¥Í³øªí¡C
<P>
<H2><A NAME="ss7.6">7.6 Dial-up ±K½X</A>
</H2>

<P>Dial-up ±K½X¬O¥t¤@­Ó¹ï¨t²Î¨¾¿mªº¿ï¶µ¦C¡A¸Ó¨t²Î¤¹³\¼·±µ¦s¨ú¡C 
¦pªG§A¦³¤@­Ó¨t²Î¤¹³\³\¦h¤H°Ï°ìºô¸ô³sµ²¡A¦ý¬O§A·Q­­¨î¼·±µªºÅv­­¡A¨º§A»Ý¨Ï¥Î dial-up
±K½X¡C ¬°¤F­n¶}±Ò dial-up ±K½X¡A§A¥²¶·½s¿è <CODE>/etc/login.defs</CODE> ÀÉ¥B½T©w±N 
<CODE>DIALUPS_CHECK_ENAB</CODE> ³]©w¬° <CODE>yes</CODE>.
<P>¦³¨â­ÓÀÉ®×¥]¬A dial-up ¸ê°T¡A <CODE>/etc/dialups</CODE> ¥]¬A ttys 
(one per line, with the leading "/dev/" removed)¡C
¦pªG tty ¦³³Q¦C¥X¡A dial-up ªí¥Ü¤w¸g³QÀˬd¡C
<P>²Ä¤G­ÓÀɬO <CODE>/etc/d_passwd</CODE> ¡C  ³o­ÓÀÉ¥]¬A shell ¥þ³¡¦Xªk¸ô®|¦WºÙ¡C
<P>¦pªG¥H­Ó¨Ï¥ÎªÌñ¤J¤@±ø¦C¦b <CODE>/etc/dialups</CODE> ªº½u(line)¡A¥B¥Lªº shell ³Q¦C¦b
<CODE>/etc/d_passwd</CODE> ÀÉ¡A¥L±N³Q¤¹³\¦s¨ú³z¹L´£¨Ñ¥¿½Tªº±K½X¡C
<P>¥t¤@­Ó¨Ï¥Î dial-up ±K½Xªº¥Øªº¬O³]©w«ü¤¹³\¬Y¨Ç§Î¦¡³sµ²ªº½u(¥i¯à¬OPPP ©Î UUCP ³sµ²)¡C
¦pªG¤@­Ó¨Ï¥ÎªÌ¸ÕµÛ±o¨ì¥t¤@ºØ§Î¦¡³sµ² (i.e. a list of shells)¡A¥L¥²¶·ª¾¹D¨Ï¥Î³o±ø½uªº±K½X¡C
<P>¦b§A¥i¥H¦b¥¼¨Ó¨Ï¥Î dial-up «e¡A§A±K»Ý«Ø¥ß¤@¨ÇÀɮסC
<P><CODE>dpasswd</CODE> «ü¥O´£¨Ñ¹ï¦b <CODE>/etc/d_passwd</CODE> Àɪº shells «ü¬£±K½X¡C
¥i¥H¬Ý¾Þ§@¤â¥Uªº¨ì§ó¦h¸ê°T¡C
<P>
<P>
<P>
<HR>
<A HREF="Shadow-Password-HOWTO-8.html">Next</A>
<A HREF="Shadow-Password-HOWTO-6.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc7">Contents</A>
</BODY>
</HTML>
Shadow-Password-HOWTO-8.html0100644000014400001440000002316607110535716015421 0ustar  cwhuangusers<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=big5">
 <META NAME="GENERATOR" CONTENT="ZH-SGML-Tools 1.0.9">
 <TITLE>¦p¦ó¨ú±o¡A¦w¸Ë¡A³]©w shadow ±K½X: ¥[¤J shadow ¤ä´© C »y¨¥</TITLE>
 <LINK HREF="Shadow-Password-HOWTO-9.html" REL=next>
 <LINK HREF="Shadow-Password-HOWTO-7.html" REL=previous>
 <LINK HREF="Shadow-Password-HOWTO.html#toc8" REL=contents>
</HEAD>
<BODY>
<A HREF="Shadow-Password-HOWTO-9.html">Next</A>
<A HREF="Shadow-Password-HOWTO-7.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc8">Contents</A>
<HR>
<H2><A NAME="sec-adding"></A> <A NAME="s8">8. ¥[¤J shadow ¤ä´© C »y¨¥</A></H2>

<P>·s¼W¤ä´© shadow µ{¦¡¨Æ¹ê¤W¬O«Üª½±µªº¡C °ß¤@ªº°ÝÃD¬Oµ{¦¡»Ý­n¥H root (©Î SUID root)
Åv­­°õ¦æ¡A³o¼Ë¤~¥i¥H¦s¨ú <CODE>/etc/shadow</CODE> ÀÉ¡C
<P>³oÅã¥Ü¤@­Ó¤j°ÝÃD¡G ·í«Ø¥ß SUID µ{¦¡®É»Ý­n«Ü¤p¤ß¨Ì·Óµ{¦¡¹B§@¡CÁ|¨Ò»¡©ú¡G ¦pªG¥H­Ó
µ{¦¡¦³ shell escape¡A¦pªGµ{¦¡¥»¨­¬O SUID root ±N¤£»Ý­n¥H root ¤è¦¡§e²{¡C
<P>¹ïµ{¦¡·s¼W¤ä´© shadow ¦Ó¨¥¡A¥¦¥i¥HÀˬd±K½X¡A¦ý¤£»Ý¥H root Åv­­°õ¦æ¡A¦Ó¬O¥H SUID 
shadow ¨ú¥N°õ¦æ¤ñ¸û¦w¥þ¡C <CODE>xlock</CODE> µ{¦¡´N¬O¤@­Ó¨Ò¤l¡C
<P>±µ¤U¨Ó½d¨Ò¤¶²Ð¡A <CODE>pppd-1.2.1d</CODE> ¤w¸g¥H SUID as root ¤è¦¡°õ¦æ¡A©Ò¥H·s¼W shadow
¤ä´©À³¸Ó¤£·|¨Ïµ{¦¡²£¥Í¥ô¦ó¼vÅT¡C 
<P>
<P>
<H2><A NAME="ss8.1">8.1 ¼ÐÀYÀÉ(Header files)</A>
</H2>

<P>¼ÐÀYÀÉÀ³¦s¦b <CODE>/usr/include/shadow</CODE>¡C À³¸Ó¦³¤@­Ó <CODE>/usr/include/shadow.h</CODE>ÀÉ¡A
¦ý¬O¥¦±N symbolic link ¨ì <CODE>/usr/include/shadow/shadow.h</CODE>¡C
<P>¬°¤F·s¼W¤ä´© shadow µ{¦¡¡A§A»Ý­n include ¼ÐÀYÀÉ¡G
<P>
<PRE>
#include &lt;shadow/shadow.h>
#include &lt;shadow/pwauth.h>
</PRE>
<P>
<P>
<H2><A NAME="ss8.2">8.2 libshadow.a ¨ç¦¡®w(library)</A>
</H2>

<P>·í§A¦w¸Ë <EM>Shadow Suite</EM>¡A <CODE>libshadow.a</CODE> ÀɳQ«Ø¥ß©M¦w¸Ë¦b
<CODE>/usr/lib</CODE> ¥Ø¿ý¡C
<P>·í½sĶ¤@­Ó shadow support µ{¦¡¡Alinker »Ý­n¥]¬A <CODE>libshadow.a</CODE> ¨ç¦¡®w¶i¤JÃìµ²¡C
<P>
<P>°õ¦æ¦p¤U¡G
<BLOCKQUOTE><CODE>
<PRE>
gcc program.c -o program -lshadow
</PRE>
</CODE></BLOCKQUOTE>
<P>µM¦Ó¡A´N¹³§Ú­Ì±µ¤U¨Ó­n¬Ýªº¨Ò¤l¡A¤j³¡¤À¤jµ{¦¡¨Ï¥Î <CODE>Makefile</CODE> ¥B
³q±`¦³ÅܼƩI¥s <CODE>LIBS=...</CODE> »Ý­n³Q­×§ï¡C
<P>
<H2><A NAME="ss8.3">8.3 Shadow µ²ºc(Structure)</A>
</H2>

<P><CODE>libshadow.a</CODE> ¨ç¦¡®w¹ï¥¦±q <CODE>/etc/shadow</CODE> Àɱµ¦¬¸ê°T¨Ï¥Îµ²ºc¤Æ©I¥s¡C
³o¬O±q <CODE>/usr/include/shadow/shadow.h</CODE> ¼ÐÀYÀɪº <CODE>spwd</CODE> µ²ºc©w¸q¡G
<P>
<HR>
<PRE>
struct spwd
{
  char *sp_namp;                /* login name */
  char *sp_pwdp;                /* encrypted password */
  sptime sp_lstchg;             /* date of last change */
  sptime sp_min;                /* minimum number of days between changes */
  sptime sp_max;                /* maximum number of days between changes */
  sptime sp_warn;               /* number of days of warning before password
                                   expires */
  sptime sp_inact;              /* number of days after password expires
                                   until the account becomes unusable. */
  sptime sp_expire;             /* days since 1/1/70 until account expires
*/
  unsigned long sp_flag;        /* reserved for future use */
};
</PRE>
<HR>
<P><EM>Shadow Suite</EM> ¥i¥H©ñ°£¤F½s½X±K½X¤§¥~ªº¸ê®Æ¨ì <CODE>sp_pwdp</CODE> Äæ¦ì¡C
±K½XÄæ¦ì¥i¥]¬A¡G
<BLOCKQUOTE><CODE>
<PRE>
username:Npge08pfz4wuk;@/sbin/extra:9479:0:10000::::
</PRE>
</CODE></BLOCKQUOTE>
<P>³oªí¥Ü¤@­ÓÃB¥~ªº±K½X¡A <CODE>/sbin/extra</CODE> µ{¦¡À³¸Ó³Q§ó¦hªºÅv­­©I¥s¡C 
µ{¦¡ªº©I¥s»Ý¨ú±o¨Ï¥ÎªÌ¦WºÙ©M«ü¥X¬°¦ó»Ý³Q©I¥sªº switch¤~¥i³q¹L¡C ¬d¬Ý
<CODE>/usr/include/shadow/pwauth.h</CODE> ©M­ì©l½X <CODE>pwauth.c</CODE> Àò±o§ó¦h¸ê°T¡C
<P>¬°¦ó§Ú­ÌÀ³¨Ï¥Î <CODE>pwauth</CODE> ¥hªí¥Ü¯u¥¿ªºÅv­­¡A³o¬O¤°»ò·N«ä¡A¥¦±N¨Ï²Ä¤G²ÕÅv­­¤]
¶]±o«Ü¦n¡C
<P><EM>Shadow Suite</EM> §@ªÌ«ü¥X¦]¬°¤j³¡¤À¦s¦bªºµ{¦¡³£¤£³o»ò§@Åo¡A©Ò¥H
<EM>Shadow Suite</EM>¥¼¨Óªºª©¥»±N²¾°£¡C
<P>
<H2><A NAME="ss8.4">8.4 Shadow ¨ç¦¡(Functions)</A>
</H2>

<P><CODE>shadow.h</CODE> ¥]§t <CODE>libshadow.a</CODE> ¨ç¦¡®w¡G
<HR>
<PRE>
extern void setspent __P ((void));
extern void endspent __P ((void));
extern struct spwd *sgetspent __P ((__const char *__string));
extern struct spwd *fgetspent __P ((FILE *__fp));
extern struct spwd *getspent __P ((void));
extern struct spwd *getspnam __P ((__const char *__name));
extern int putspent __P ((__const struct spwd *__sp, FILE *__fp));
</PRE>
<HR>
<P>§Ú­Ì±N¨Ï¥Îªº½d¨Òµ{¦¡¬O¡G <CODE>getspnam</CODE> ±N¹ï¨ÑÀ³¦WºÙ«ì´_¹ï§Ú­Ì <CODE>spwd</CODE> µ²ºc¡C
<P>
<H2><A NAME="ss8.5">8.5 ½d¨Ò</A>
</H2>

<P>³o¬O¤@­Ó½d¨Ò´y­z·s¼W shadow ¤ä´©µ{¦¡¡A¦ý¹w³]­È¨Ã¨S¦³¡C
<P>
<P>¥»½d¨Ò¨Ï¥Î <EM>Point-to-Point Protocol Server</EM> (pppd-1.2.1d)¡A¥¦¦³­Ó¼Ò¦¡¬Oªí¥Ü 
±q <CODE>/etc/passwd</CODE> Àɨú¥N <EM>PAP</EM> ©Î <EM>CHAP</EM> Àɨϥαb¸¹±K½Xªº <EM>PAP</EM> 
Åv­­¡A§A±N¤£»Ý­n¦b <CODE>pppd-2.2.0</CODE> ¥[³o¨Çµ{¦¡½X¡A¦]¬°¥¦¤w¸g¦s¦bÅo¡C
<P>
<P>
<P>pppd ªº¥¼¨Ó¤j­P¤W¤£·|³Q¨Ï¥Î«Ü¦h¡A¦ý¬O¦pªG§A¦w¸Ë <EM>Shadow Suite</EM>¡AÀx¦s¦b
<CODE>/etc/passwd</CODE> Àɪº±K½X±NµLªk¹B§@¡C
<P>¦b <CODE>pppd-1.2.1d</CODE> Åv­­¨Ï¥Îªºµ{¦¡½X¬O¦ì¦b <CODE>/usr/src/pppd-1.2.1d/pppd/auth.c</CODE> ÀÉ¡C
<P>±µ¤U¨Óµ{¦¡½X»Ý­n³Q¥[¦b©Ò¦³¨ä¥L <CODE>#include</CODE> «ü¥OÀɮתº³Ì¤WÀY¡A§Ú­Ì±Nª`·N¦³Àô¹Ò«ü¥Oªº
<CODE>#includes</CODE>¡C
<P>
<HR>
<PRE>
#ifdef HAS_SHADOW
#include &lt;shadow.h>
#include &lt;shadow/pwauth.h>
#endif
</PRE>
<HR>
 
<P>±µ¤U¨Ó­n°µªº¨Æ±¡¬OÅܧó¹ê»Ú½X¡A §Ú­Ì±NÅܧó <CODE>auth.c</CODE> ÀÉ¡C
<P>Åܧó«e <CODE>auth.c</CODE> ÀÉ function ¬°¡G
<HR>
<PRE>
/*
 * login - Check the user name and password against the system
 * password database, and login the user if OK.
 *
 * returns:
 *      UPAP_AUTHNAK: Login failed.
 *      UPAP_AUTHACK: Login succeeded.
 * In either case, msg points to an appropriate message.
 */
static int
login(user, passwd, msg, msglen)
    char *user;
    char *passwd;
    char **msg;
    int *msglen;
{
    struct passwd *pw;
    char *epasswd;
    char *tty;

    if ((pw = getpwnam(user)) == NULL) {
        return (UPAP_AUTHNAK);
    }
     /*
     * XXX If no passwd, let them login without one.
     */
    if (pw->pw_passwd == '\0') {
        return (UPAP_AUTHACK);
    }

    epasswd = crypt(passwd, pw->pw_passwd);
    if (strcmp(epasswd, pw->pw_passwd)) {
        return (UPAP_AUTHNAK);
    }

    syslog(LOG_INFO, "user %s logged in", user);

    /*
     * Write a wtmp entry for this user.
     */
    tty = strrchr(devname, '/');
    if (tty == NULL)
        tty = devname;
    else
        tty++;
    logwtmp(tty, user, "");             /* Add wtmp login entry */
    logged_in = TRUE;

    return (UPAP_AUTHACK);
}
</PRE>
<HR>
<P>¨Ï¥ÎªÌªº±K½X³Q©ñ¦b <CODE>pw->pw_passwd</CODE>¡A©Ò¥H§Ú­Ì»Ý·s¼W <CODE>getspnam</CODE>
function¡A³o±N·|§â±K½X©ñ¨ì <CODE>spwd->sp_pwdp</CODE>¡C
<P>§Ú­Ì±N·s¼W <CODE>pwauth</CODE> function ¨Óªí¥Ü¯u¥¿ªºÅv­­¡C ³o±N¦b shadow Àɳ]©w®É
¦Û°Ê²£¥Í²Ä¤G­ÓÅv­­¡C
<P>Åܧ󬰥i¥H¤ä´© shadow «áªº <CODE>auth.c</CODE> function¡G
<P>
<HR>
<PRE>
/*
 * login - Check the user name and password against the system
 * password database, and login the user if OK.
 *
 * This function has been modified to support the Linux Shadow Password
 * Suite if USE_SHADOW is defined.
 *
 * returns:
 *      UPAP_AUTHNAK: Login failed.
 *      UPAP_AUTHACK: Login succeeded.
 * In either case, msg points to an appropriate message.
 */
static int
login(user, passwd, msg, msglen)
    char *user;
    char *passwd;
    char **msg;
    int *msglen;
{
    struct passwd *pw;
    char *epasswd;
    char *tty;

#ifdef USE_SHADOW
    struct spwd *spwd;
    struct spwd *getspnam();
#endif

    if ((pw = getpwnam(user)) == NULL) {
        return (UPAP_AUTHNAK);
    }

#ifdef USE_SHADOW
        spwd = getspnam(user);
        if (spwd)
                pw->pw_passwd = spwd->sp-pwdp;
#endif
 
     /*
     * XXX If no passwd, let NOT them login without one.
     */
    if (pw->pw_passwd == '\0') {
        return (UPAP_AUTHNAK);
    }
#ifdef HAS_SHADOW
    if ((pw->pw_passwd &amp;&amp; pw->pw_passwd[0] == '@'
         &amp;&amp; pw_auth (pw->pw_passwd+1, pw->pw_name, PW_LOGIN, NULL))
        || !valid (passwd, pw)) {
        return (UPAP_AUTHNAK);
    }
#else
    epasswd = crypt(passwd, pw->pw_passwd);
    if (strcmp(epasswd, pw->pw_passwd)) {
        return (UPAP_AUTHNAK);
    }
#endif

    syslog(LOG_INFO, "user %s logged in", user);

    /*
     * Write a wtmp entry for this user.
     */
    tty = strrchr(devname, '/');
    if (tty == NULL)
        tty = devname;
    else
        tty++;
    logwtmp(tty, user, "");             /* Add wtmp login entry */
    logged_in = TRUE;

    return (UPAP_AUTHACK);
}
</PRE>
<HR>
<P>ÄYÂÔªº½d¨Ò±N±Òµo§Ú­Ì¦b§@¨ä¥L§ïÅܪºÀ°§U¡C ­ì©lªºª©¥»¦pªG¦b <CODE>/etc/passwd</CODE> ÀÉ
¨S¦³¥ô¦ó±K½X¡A¥i¤¹³\¦s¨ú¶Ç¦^ªº <CODE>UPAP_AUTHACK</CODE> ¡C³o¬O<EM>¤£</EM>¦nªº¡A¦]¬°
ñ¤Jªº¨Ï¥Î¬O¨Ï¥Î¤@­Ó¤¹³\¦s¨ú PPP processªº±b¸¹¡AµM«áÀˬd±b¸¹±K½X¡A¸Ó±b¸¹±K½X¬O¥Ñ
RAP ¡B¦b <CODE>/etc/passwd</CODE> Àɪº±b¸¹©M <CODE>/etc/shadow</CODE> Àɪº±K½X¨ÑÀ³¡C
<P>
<P>©Ò¥H¦pªG§Ú­Ì³]©w­ì¥»ª©¥»¹ï¨C­Ó¨Ï¥ÎªÌ¡A¦p <CODE>ppp</CODE> ¥i¥H¦b shell °õ¦æ¡AµM«á¥ô¦ó¤H¥i¥H
Àò±o ppp Ãìµ²³z¹L³]©w¥L­Ì¹ï¨Ï¥ÎªÌ <CODE>ppp</CODE> ªº PAP ©M null ªº±K½X¡C
<P>
<P>§Ú­Ì­×¥¿ <CODE>UPAP_AUTHNAK</CODE> ¨ú¥N
<CODE>UPAP_AUTHACK</CODE> ¦pªG±K½XÄæ¦ì¬OªÅªº¡C
<P>¦³½ìªº¬O <CODE>pppd-2.2.0</CODE> ¦³¬Û¦Pªº°ÝÃD¡C
<P>±µ¤U¨Ó§Ú­Ì»Ý­nÅܧó Makefile ¥H«KÅý¨â¥ó¨Æµo¥Í¡G
<P><CODE>USE_SHADOW</CODE> ¥²¶·³Q­«·s©w¸q¥B<CODE>libshadow.a</CODE> »Ý­n³Q·s¼W¨ìÃìµ² process¡C
<P>
<P>½s¿è Makefile ¥B·s¼W¡G
<BLOCKQUOTE><CODE>
<PRE>
LIBS = -lshadow
</PRE>
</CODE></BLOCKQUOTE>
<P>µM«á§Ú­Ì§ä¨ì³o¤@¦æ¡G
<BLOCKQUOTE><CODE>
<PRE>
COMPILE_FLAGS = -I.. -D_linux_=1 -DGIDSET_TYPE=gid_t
</PRE>
</CODE></BLOCKQUOTE>
<P>µM«á§ïÅÜ¥¦Åܦ¨¡G
<BLOCKQUOTE><CODE>
<PRE>
COMPILE_FLAGS = -I.. -D_linux_=1 -DGIDSET_TYPE=gid_t -DUSE_SHADOW
</PRE>
</CODE></BLOCKQUOTE>
<P>²{¦b°õ¦æ make ¸ò install.
<P>
<HR>
<A HREF="Shadow-Password-HOWTO-9.html">Next</A>
<A HREF="Shadow-Password-HOWTO-7.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc8">Contents</A>
</BODY>
</HTML>
Shadow-Password-HOWTO-9.html0100644000014400001440000000600607110535716015414 0ustar  cwhuangusers<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=big5">
 <META NAME="GENERATOR" CONTENT="ZH-SGML-Tools 1.0.9">
 <TITLE>¦p¦ó¨ú±o¡A¦w¸Ë¡A³]©w shadow ±K½X: ±`°Ý°ÝÃD¤Îµª®×</TITLE>
 <LINK HREF="Shadow-Password-HOWTO-10.html" REL=next>
 <LINK HREF="Shadow-Password-HOWTO-8.html" REL=previous>
 <LINK HREF="Shadow-Password-HOWTO.html#toc9" REL=contents>
</HEAD>
<BODY>
<A HREF="Shadow-Password-HOWTO-10.html">Next</A>
<A HREF="Shadow-Password-HOWTO-8.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc9">Contents</A>
<HR>
<H2><A NAME="s9">9. ±`°Ý°ÝÃD¤Îµª®×</A></H2>

<P><EM>Q:</EM> §Ú¥Î tty's ¥Î<EM>root</EM> Åv­­¨Ï¥Î <CODE>/etc/securettys</CODE> ÀÉ¡A¦ý¬O³£¨S¦³
¥ô¦ó¹B§@¡A¸Ó¦p¦ó¸Ñ¨M¡H
<P><EM>A:</EM> <CODE>/etc/securettys</CODE> Àɦb <EM>Shadow Suite</EM> ¦w¸Ë«á´N¤£¨ã¥ô¦ó·N¸qÅo¡C
<P>tty's ¥Î <EM>root</EM> Åv­­¥i¥H¨Ï¥Î¤@­Ó©ñ¦b <CODE>/etc/login.defs</CODE> ñ¤J³]©wÀɶi¦æ­×§ï¡C
¸Ó³]©wÀɤ]¥i¯à«ü¨ì¥t¤@­ÓÀÉ¡C
<P>
<P>
<P><EM>Q:</EM> §Ú¹ï <EM>Shadow Suite</EM> ¶i¦æ¦w¸Ë«á¡A²{¦b§Ú¨S¿ìªkñ¤J(login)¨t²Î¡A
§Ú¦³©¿²¤¤°»ò¨BÆJ¶Ü¡H
<P><EM>A:</EM> §A¬O¯uªº¦w¸Ë Shadow µ{¦¡Åo¡A¦ý¬O¨Ã¥¼°õ¦æ <CODE>pwconv</CODE> ©Î§A§Ñ°O½Æ»s
<CODE>/etc/npasswd</CODE> ¨ì <CODE>/etc/passwd</CODE> ¥B½Æ»s <CODE>/etc/nshadow</CODE> ¨ì 
<CODE>/etc/shadow</CODE>Åo¡C §A¤]»Ý­n½Æ»s <CODE>login.defs</CODE> ¨ì <CODE>/etc</CODE>¡C
<P>
<P><EM>Q:</EM> ¦b xlock ¨º¤@³¹¸`¦³´£¨ì§ïÅÜ <CODE>/etc/shadow</CODE> Àɪº¸s²Õ¾Ö¦³ªÌ¨ì
<CODE>shadow</CODE>¡C§Ú¨S¦³ <CODE>shadow</CODE> ¸s²Õ¡A¸Ó¦p¦ó³B²z¡H
<P><EM>A:</EM> §A¥i¥H·s¼W¤@­Ó¡C ²³æªº½s¿è <CODE>/etc/group</CODE> ÀÉ¡AµM«á·s¼W¤@¦æµ¹
shadow ¸s²Õ¡A§A»Ý­n½T»{¸s²Õ½s¸¹¨Ã¥¼³Q¨ä¥L¸s²Õ¨Ï¥Î¡A¥B§A»Ý­n¦b <CODE>nogroup</CODE> 
¬ö¿ý¤§«e´¡¤J¸Ó³]©w¡C ©Î³o§A¥i¥H²¤Æ¹ï rootÅv­­³]©w suid <CODE>xlock</CODE>¡C   
<P>
<P><EM>Q:</EM> ¦³¥ô¦ó¹ï Linux Shadow Password Suite ªº¹q¤l¶l¥ó¦Cªí¶Ü¡H
<P><EM>A:</EM> ¦³¡A¦ý¬O¥¦ªº¥Øªº¬O°w¹ï Linux ¤U¤@­Ó Shadow Suiteª©¥»µo®i¸ò´ú¸Õ¡A§A¥i¥H
¨ì<CODE>shadow-list-request@neptune.cin.net</CODE> ¹q¤l¶l¥óºK­n¿é¤J¡G 
<CODE>subscribe</CODE>¡C  ³o¬O¦b°Q½× Linux <CODE>shadow-YYMMSS</CODE>¨t¦Cª©¥»¡C§AÀ³¸Ó°Ñ¥[¦pªG§A
·Q°Ñ¤©¥¼¨Óµo®i©Î§A¦w¸Ë Suite ¦b§Aªº¹q¸£¥B·Q­n±o¨ì·sª©¥»ªº¸ê°T¡C
<P>
<P><EM>Q:</EM> §Ú¦w¸Ë <EM>Shadow Suite</EM>¡A¦ý¬O·í§Ú¨Ï¥Î <CODE>userdel</CODE> ©R¥O«á¡A
§Ú±o¨ì "userdel: cannot open shadow group file" °T®§¡A§Ú¦³­þ¸Ì§@¿ù¤F¶Ü¡H
<P>
<P><EM>A:</EM> §A½sĶ <EM>Shadow Suite</EM> ®É¦³¶}±Ò <CODE>SHADOWGRP</CODE> ¿ï¶µ¡A¦ý¬O
§A¨S¦³¤@­Ó <CODE>/etc/gshadow</CODE> ÀɮסA§A»Ý­n½s¿è <CODE>config.h</CODE> ÀÉ©M­«·s½s
Ķ©Î«Ø¥ß¤@­Ó <CODE>/etc/group</CODE> ÀÉ¡A½Ð¬Ý shadow groups ¨º¤@¸`¡C
<P>
<P><EM>Q:</EM> §Ú¦w¸Ë <EM>Shadow Suite</EM> ¦ý¬O§ÚµLªk§ä¨ì½s½X±K½X¦b§Úªº
<CODE>/etc/passwd</CODE> ÀÉ¡Aµo¥Í¤°»ò°ÝÃD¡H
<P><EM>A:</EM> §A¥i¯à¦b Shadow <CODE>config.h</CODE> Àɶ}±Ò <CODE>AUTOSHADOW</CODE> ¿ï¶µ©ÎªÌ
§Aªº <CODE>libc</CODE> ³Q <CODE>SAHDOW_COMPAT</CODE> ¿ï¶µ½sĶ¡A§A»Ý­n¨M©w¬O­þ­Ó°ÝÃD¡AµM«á
¦A­«·s½sĶ¡C
<P>
<HR>
<A HREF="Shadow-Password-HOWTO-10.html">Next</A>
<A HREF="Shadow-Password-HOWTO-8.html">Previous</A>
<A HREF="Shadow-Password-HOWTO.html#toc9">Contents</A>
</BODY>
</HTML>
Shadow-Password-HOWTO.html0100644000014400001440000001237507110535716015254 0ustar  cwhuangusers<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=big5">
 <META NAME="GENERATOR" CONTENT="ZH-SGML-Tools 1.0.9">
 <TITLE>¦p¦ó¨ú±o¡A¦w¸Ë¡A³]©w shadow ±K½X</TITLE>
 <LINK HREF="Shadow-Password-HOWTO-1.html" REL=next>


</HEAD>
<BODY>
<A HREF="Shadow-Password-HOWTO-1.html">Next</A>
Previous
Contents
<HR>
<H1>¦p¦ó¨ú±o¡A¦w¸Ë¡A³]©w shadow ±K½X</H1>

<H2>§@ªÌ:¡@Michael H. Jackson, <CODE>
<A HREF="mailto:mhjack@tscnet.com">mhjack@tscnet.com</A></CODE><BR>
                ĶªÌ:¡@Sung Min-Ju, <CODE>
<A HREF="mailto:songmj@ms1.hinet.net">songmj@ms1.hinet.net</A></CODE>
                </H2>v1.3, 3 April 1996
        ½Ķ¤é´Á:¡@15 MAY 2000
<P><HR>
<EM>³o¥÷¤å¥ó¥D­n´y­z¦p¦ó¨ú±o¡A¦w¸Ë©M³]©w <EM>Shadow Suite</EM> ±K½X¡C¥¦¤]´y­z¨ú±o©M¦w¸Ë»Ý­n¦s¨ú¨Ï¥ÎªÌ±K½X¤§¨ä¥L³nÅé©Mºô¸ôºÊ±±µ{¦¡(network daemons)¡C³o¨Ç¨ä¥L³nÅ餣¬O Shadow Suit ªº¯u¹ê³¡¤À¡A¦ý¬O³o¨Çµ{¦¡±N»Ý­n³Q­«·s½sĶ¥Î¥H¤ä´©<EM>Shadow Suite</EM> ¡C³o¥÷¤å¥ó¥ç¥]¬A¤@­Óµ{¦¡½d¨Ò¡G¹ïµ{¦¡¥[¤J shadow ¤ä´©¡C¥»¤åµ²§À³¡¤À¬°±`°Ý°ÝÃD¤Îµª®×¡C</EM>
<HR>
<P>
<H2><A NAME="toc1">1.</A> <A HREF="Shadow-Password-HOWTO-1.html">²¤¶</A></H2>

<UL>
<LI><A HREF="Shadow-Password-HOWTO-1.html#ss1.1">1.1 §ó§ï¤W¤@ª©¥»³¡¤À</A>
<LI><A HREF="Shadow-Password-HOWTO-1.html#ss1.2">1.2 ·sª©¤å¥ó</A>
<LI><A HREF="Shadow-Password-HOWTO-1.html#ss1.3">1.3 ¦^ÂÐ</A>
</UL>
<P>
<H2><A NAME="toc2">2.</A> <A HREF="Shadow-Password-HOWTO-2.html">¬°¦ó shadow §Aªº passwd ÀÉ?</A></H2>

<UL>
<LI><A HREF="Shadow-Password-HOWTO-2.html#ss2.1">2.1 ¬°¦ó±z¤£­n shadow §Aªº passwd ÀÉ</A>
<LI><A HREF="Shadow-Password-HOWTO-2.html#ss2.2">2.2 ®æ¦¡¤Æ /etc/passwd ÀÉ</A>
<LI><A HREF="Shadow-Password-HOWTO-2.html#ss2.3">2.3 ®æ¦¡¤Æ shadow ÀÉ</A>
<LI><A HREF="Shadow-Password-HOWTO-2.html#ss2.4">2.4 ¦^ÅU crypt(3).</A>
</UL>
<P>
<H2><A NAME="toc3">3.</A> <A HREF="Shadow-Password-HOWTO-3.html">¨ú±o Shadow Suite.</A></H2>

<UL>
<LI><A HREF="Shadow-Password-HOWTO-3.html#ss3.1">3.1 Shadow Suite for Linux ªº¾ú¥v(¼È¤£Â½Ä¶)</A>
<LI><A HREF="Shadow-Password-HOWTO-3.html#ss3.2">3.2 History of the Shadow Suite for Linux</A>
<LI><A HREF="Shadow-Password-HOWTO-3.html#ss3.3">3.3 ¦p¦ó¨ú±o Shadow Suite¡H</A>
<LI><A HREF="Shadow-Password-HOWTO-3.html#ss3.4">3.4 Shadow Suite¥]§t¤°»ò¡H</A>
</UL>
<P>
<H2><A NAME="toc4">4.</A> <A HREF="Shadow-Password-HOWTO-4.html">½sĶµ{¦¡</A></H2>

<UL>
<LI><A HREF="Shadow-Password-HOWTO-4.html#ss4.1">4.1 ¸ÑÀ£ÁY</A>
<LI><A HREF="Shadow-Password-HOWTO-4.html#ss4.2">4.2 ³]©w config.h ÀÉ</A>
<LI><A HREF="Shadow-Password-HOWTO-4.html#ss4.3">4.3 ³Æ¥÷­ì©lµ{¦¡</A>
<LI><A HREF="Shadow-Password-HOWTO-4.html#ss4.4">4.4 °õ¦æ make</A>
</UL>
<P>
<H2><A NAME="toc5">5.</A> <A HREF="Shadow-Password-HOWTO-5.html">¦w¸Ë</A></H2>

<UL>
<LI><A HREF="Shadow-Password-HOWTO-5.html#ss5.1">5.1 ¤âÃä·Ç³Æ¤@­Ó¶}¾÷¤ù</A>
<LI><A HREF="Shadow-Password-HOWTO-5.html#ss5.2">5.2 ²¾°£½Æ»sªº man pages</A>
<LI><A HREF="Shadow-Password-HOWTO-5.html#ss5.3">5.3 °õ¦æ make install</A>
<LI><A HREF="Shadow-Password-HOWTO-5.html#ss5.4">5.4 °õ¦æ pwconv</A>
<LI><A HREF="Shadow-Password-HOWTO-5.html#ss5.5">5.5 ­«·s©R¦W npasswd ©M nshadow</A>
</UL>
<P>
<H2><A NAME="toc6">6.</A> <A HREF="Shadow-Password-HOWTO-6.html">¨ä¥L§A»Ý­n¤É¯Å(upgrade)©Î¸É±j(patch)µ{¦¡</A></H2>

<UL>
<LI><A HREF="Shadow-Password-HOWTO-6.html#ss6.1">6.1 Slackware adduser µ{¦¡</A>
<LI><A HREF="Shadow-Password-HOWTO-6.html#ss6.2">6.2 wu_ftpd Server</A>
<LI><A HREF="Shadow-Password-HOWTO-6.html#ss6.3">6.3 ¼Ð·Ç ftpd</A>
<LI><A HREF="Shadow-Password-HOWTO-6.html#ss6.4">6.4 pop3d (Post Office Protocol 3)</A>
<LI><A HREF="Shadow-Password-HOWTO-6.html#ss6.5">6.5 xlock</A>
<LI><A HREF="Shadow-Password-HOWTO-6.html#ss6.6">6.6 xdm</A>
<LI><A HREF="Shadow-Password-HOWTO-6.html#ss6.7">6.7 sudo</A>
<LI><A HREF="Shadow-Password-HOWTO-6.html#ss6.8">6.8 imapd (E-Mail [pine package])</A>
<LI><A HREF="Shadow-Password-HOWTO-6.html#ss6.9">6.9 pppd (Point-to-Point Protocol Server)</A>
</UL>
<P>
<H2><A NAME="toc7">7.</A> <A HREF="Shadow-Password-HOWTO-7.html">±N Shadow Suite ©ñ¶i¨Ó¨Ï¥Î¡C</A></H2>

<UL>
<LI><A HREF="Shadow-Password-HOWTO-7.html#ss7.1">7.1 ·s¼W¡B­×§ï©M§R°£¨Ï¥ÎªÌ</A>
<LI><A HREF="Shadow-Password-HOWTO-7.html#ss7.2">7.2 passwd «ü¥O©M passwd ¦Ñ¤Æ</A>
<LI><A HREF="Shadow-Password-HOWTO-7.html#ss7.3">7.3 login.defs ÀÉ</A>
<LI><A HREF="Shadow-Password-HOWTO-7.html#ss7.4">7.4 ¸s²Õ±K½X</A>
<LI><A HREF="Shadow-Password-HOWTO-7.html#ss7.5">7.5 Àˬdµ{¦¡¤@­P©Ê</A>
<LI><A HREF="Shadow-Password-HOWTO-7.html#ss7.6">7.6 Dial-up ±K½X</A>
</UL>
<P>
<H2><A NAME="toc8">8.</A> <A HREF="Shadow-Password-HOWTO-8.html">¥[¤J shadow ¤ä´© C »y¨¥</A></H2>

<UL>
<LI><A HREF="Shadow-Password-HOWTO-8.html#ss8.1">8.1 ¼ÐÀYÀÉ(Header files)</A>
<LI><A HREF="Shadow-Password-HOWTO-8.html#ss8.2">8.2 libshadow.a ¨ç¦¡®w(library)</A>
<LI><A HREF="Shadow-Password-HOWTO-8.html#ss8.3">8.3 Shadow µ²ºc(Structure)</A>
<LI><A HREF="Shadow-Password-HOWTO-8.html#ss8.4">8.4 Shadow ¨ç¦¡(Functions)</A>
<LI><A HREF="Shadow-Password-HOWTO-8.html#ss8.5">8.5 ½d¨Ò</A>
</UL>
<P>
<H2><A NAME="toc9">9.</A> <A HREF="Shadow-Password-HOWTO-9.html">±`°Ý°ÝÃD¤Îµª®×</A></H2>

<P>
<H2><A NAME="toc10">10.</A> <A HREF="Shadow-Password-HOWTO-10.html">ª©ÅvÁn©ú(¼È¤£Â½Ä¶)</A></H2>

<P>
<H2><A NAME="toc11">11.</A> <A HREF="Shadow-Password-HOWTO-11.html">Miscellaneous and Acknowledgments.</A></H2>

<HR>
<A HREF="Shadow-Password-HOWTO-1.html">Next</A>
Previous
Contents
</BODY>
</HTML>
Results 1 - 1
Help - FTP Sites List - Software Dir.
Searching half a billion files worldwide
© 1997-2009 MARUHN Internet Solutions