Bug 121 – sudo 1.6.6 and 1.6.7 do not work with ShadowPassword on HP-UX 11i (11.11)

Bug 121 - sudo 1.6.6 and 1.6.7 do not work with ShadowPassword on HP-UX 11i (11.11)


Summary:	sudo 1.6.6 and 1.6.7 do not work with ShadowPassword on HP-UX 11i (11.11)

Status:	RESOLVED FIXED

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.6.7
Hardware:	HP HP-UX

Importance:	normal normal
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2003-09-15 15:58 MDT by Rich Benoit
Modified:	2004-01-09 05:30 MST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Rich Benoit 2003-09-15 15:58:54 MDT

HP has added a new product called ShadowPassword for HP-UX 11i or higher.  
This provides for just a shadow password file (/etc/shadow).  This shouldn't 
be confused with the Trusted Computing Base that HP has supplied for many 
years that includes a different type of shadowing.  Sudo will not accept any 
password that I enter while the system is "converted" (using pwconv).  If I 
unconvert the system with pwunconv, sudo works fine.  I tried compiling 1.6.7 
with the "#define HAVE_GETSPNAM 1" set with the same result.

Comment 1 Rich Benoit 2003-09-26 12:49:33 MDT

I was able to get around this problem by undefining HAVE_ISCOMSEC and defining
HAVE_GETSPNAM.  The logic in the code of getspwuid.c assumes that there are 2 
choices, Trusted or normal.  Instead, if getspnam is available it should be 
used.  On a properly patched HPUX 11.11 server, getspnam will work with shadow 
password, trusted, or no shadowing.

Comment 2 Todd C. Miller 2004-01-09 01:30:45 MST

I changed the configure script to use getspnam() for HP-UX 11 and higher.