Bug 121

Summary: sudo 1.6.6 and 1.6.7 do not work with ShadowPassword on HP-UX 11i (11.11)
Product: Sudo Reporter: Rich Benoit <rbenoit3>
Component: SudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED FIXED    
Severity: normal    
Priority: normal    
Version: 1.6.7   
Hardware: HP   
OS: HP-UX   

Description Rich Benoit 2003-09-15 15:58:54 MDT 
HP has added a new product called ShadowPassword for HP-UX 11i or higher.  
This provides for just a shadow password file (/etc/shadow).  This shouldn't 
be confused with the Trusted Computing Base that HP has supplied for many 
years that includes a different type of shadowing.  Sudo will not accept any 
password that I enter while the system is "converted" (using pwconv).  If I 
unconvert the system with pwunconv, sudo works fine.  I tried compiling 1.6.7 
with the "#define HAVE_GETSPNAM 1" set with the same result.
Comment 1 Rich Benoit 2003-09-26 12:49:33 MDT 
I was able to get around this problem by undefining HAVE_ISCOMSEC and defining
HAVE_GETSPNAM.  The logic in the code of getspwuid.c assumes that there are 2 
choices, Trusted or normal.  Instead, if getspnam is available it should be 
used.  On a properly patched HPUX 11.11 server, getspnam will work with shadow 
password, trusted, or no shadowing.
Comment 2 Todd C. Miller 2004-01-09 01:30:45 MST 
I changed the configure script to use getspnam() for HP-UX 11 and higher.