  Linux Shadow Password HOWTO
  Michael H. Jackson, mhjack@tscnet.com 
  ƣ, fujiwara@cim.pe.u-tokyo.ac.jp 
  v1.3, 1996ǯ43

  ʸ Linux Υѥɤ shadow  Shadow Suit ꡢ
  ȡڤˡˤĤΤǤޤ桼Υѥ
  ǧڤԤեȥǡ()󥹥ȡˤĤƤ⤷
  Υץ Shadow Suit ΰǤϤޤ󤬡Shadow
  Suit 򥵥ݡȤ뤿ˤϺƥѥ뤹ɬפޤޤ
  ʸˤ shadow ѥɤ򥵥ݡȤץ񤤤Ƥ
  βǤϤ褯ʹؤβ⤵˲äĤǤ
  ______________________________________________________________________

  Table of Contents:

  1.      Ϥ

  1.1.    Ǥѹ

  1.2.    ʸκǿǤˤĤ

  1.3.    եɥХå

  2.      shadow ѥɤȤ٤ͳ

  2.1.    shadow ѥɤȤʤۤɤ

  2.2.    /etc/passwd եΥեޥå

  2.3.    shadow եΥեޥå

  2.4.    crypt(3) γ

  3.      Shadow Suite 

  3.1.    Linux Ѥ Shadow Suite 

  3.2.    Shadow Suite 

  3.3.    Shadow Suite ˤϲޤޤƤ뤫

  4.      ץΥѥ

  4.1.    ֤Ÿ

  4.2.    config.h ˤ

  4.3.    ΥץΥХååפκ

  4.4.    Make μ¹

  5.      󥹥ȡ

  5.1.    ƥ˲ƤΥ֡ȥǥ

  5.2.    ʣ륪饤ޥ˥奢κ

  5.3.    make install μ¹

  5.4.    pwconv μ¹

  5.5.    npasswd  nshadow Υ͡

  6.      åץ졼ɤ뤫ѥåƤɬפץ

  6.1.    Slackware adduser program

  6.2.    wu_ftpd 

  6.3.    ɸ ftpd

  6.4.    pop3d (Post Office Protocol 3)

  6.5.    xlock

  6.6.    xdm

  6.7.    sudo

  6.8.    imapd (E-Mail

  6.9.    pppd (PPP ץȥ륵)

  7.      Shadow Suite ȤäƤߤ

  7.1.    桼ɲáѹ

  7.1.1.  useradd

  7.1.2.  usermod

  7.1.3.  userdel

  7.2.    passwd ޥɤȥѥɤδ

  7.3.    login.defs ե

  7.4.    롼פΥѥ

  7.5.    åץ

  7.5.1.  pwck

  7.5.2.  grpck

  7.6.    륢åסѥ

  8.      Cץ Shadow Suite бˡ

  8.1.    إåե

  8.2.    libshadow.a 饤֥

  8.3.    Shadow ¤

  8.4.    Shadow ݡȤΤδؿ

  8.5.    

  9.      褯ʹ(Frequently Asked Questions).

  10.     Copyright Message(ɽ)

  11.     ¾ / ռ

  12.     Ԥ
  ______________________________________________________________________

  1.  Ϥ

  ʸ Linux Shadow-Password-HOWTO Ǥʸ Linux ƥ
  ˤʤ shadow ѥɤƳΤޤɤΤ褦ƳΤ
  ޤShadow Suite εǽˡˤĤƤ⤢ޤ

  Shadow Suite 򥤥󥹥ȡ뤹䡢桼ƥƥȤˤ root
  ǤʤФʤޤShadow Suite 򥤥󥹥ȡ뤹ݤˤϥƥ
  𴴥եȥѹԤΤǡ褦˥Хååפ
  ٤ǤޤȤϤˤϡ줫Ԥ򤹤٤ɤߡ
  򤷤Ƥ٤Ǥ礦

  1.1.  Ǥѹ

  ɲ:
          shadow ѥɤ򥤥󥹥ȡ뤷ʤۤ褤ˤĤƤɲ
          xdm ιˤĤƤɲ
          Shadwo Sutie ưΤˤĤƤξϤɲ
          褯ʹˤĤƤξϤɲ

  /:
          Sunsite  html ؤλȤ
          wu-ftp ξϤ Makefile  -lshadow  Makefile ˲ä褦
          æ
          wu-ftp ξϤ ELF 򥵥ݡȤ褦ѹ
          ץ'login'Ǥ륻ƥ򹹿
          Marek Michalkiewicz ˤ Linux Shadow Suite 侩褦

  1.2.  ʸκǿǤˤĤ

  ʸκǿǤϰʲΥȤ anonymous FTP Ǥޤ:
  sunsite.unc.edu

  /pub/Linux/docs/HOWTO/Shadow-Password-HOWTO

  뤤:

  /pub/Linux/docs/HOWTO/other-formats/Shadow-Password-HOWTO{-html.tar,ps,dvi}.gz

  뤤ϡWWW Ѥơ Linux Documentation Project Web Server
  <http://sunsite.unc.edu/mdw/linux.html>  Shadow-Password-HOWTO
  <http://sunsite.unc.edu/linux/HOWTO/Shadow-Password-HOWTO.html> Υڡ
  ꤹ뤳ȤǤޤ

  ޤɮ(<mhjack@tscnet.com>) ľꤹ뤳ȤǤޤ
  comp.os.linux.answers ˥塼롼פˤƤޤ

  ʸϸߤ Shadow-YYDDMM ѥåˤޤޤ褦ˤʤޤ
  

  : ܸκǿǤˤĤƤ WWWѤǤʤ JF-INDEX
  <http://jf.gee.kyoto-u.ac.jp/JF/JF-ftp/other-formats/INDEX-JF.html> 
  顢 ftp ѤǤʤ ftp.kuis.kyoto-u.ac.jp /Linux/JF/ǥ
  ȥʤɤǤޤ

  ޤ(<fujiwara@cim.pe.u-tokyo.ac.jp>) ľܡ뤤
  WWWڡ <http://www.cim.pe.u-tokyo.ac.jp/~fujiwara/doc/linux-
  j.html> ꤹ뤳ȤǤޤ

  1.3.  եɥХå

  ȤƤʤɤɮ(Michael H. Jackson
  <mhjack@tscnet.com>)äƲ᤯եɥХåС
  ᤯ʸľȤǤޤޤͥåȥ˥塼ϸƤ
  ΤǡԶ򸫤Ĥˤľܥ᡼äƲ

  2.  shadow ѥɤȤ٤ͳ

  ߤϤۤȤɤ Linux ΥѥåǤ Shadow Suite ɸǤϥ
  ȡ뤵ޤSlackware 2.3, Slackware 3.0 ¾Υݥԥ顼ʥѥ
  ǤʤäƤޤͳΰĤϥꥸʥ Shadow Suite 
  ɽϡ̵ۤǤʤˤĤΤǤLinux  CD-
  ROM Τ褦ۤʥǥإѥåФ󽷤
  뤳ȤԤ䤹 GNU Copyright (Copyleft Ȥޤ)
  Ƥޤ

  Shadow Suiteƥʥ󥹤Ƥ, Marek Michalkiewicz
  <marekm@i17linuxb.ists.pwr.wroc.pl> ϸκԤ顢ۤΤǤ
  BSD ΤȤ˥ɤäƤޤߤ
  ϲ褷ƤΤǡɸ Linux Υѥå Shadow
  Suite ޤޤ뤳ȤˤʤǤ礦ޤǤϡ桼ʬȤǥ
  ȡ뤷ʤФʤޤ

  ѥå CD-ROM 饤󥹥ȡ뤹ˤϡѥåΤ
  Shadow Suite 򥤥󥹥ȡ뤷ʤƤ⡢Shadow Suite Υ󥹥ȡɬ
  פʥե CD-ROM ˴ޤޤƤ뤳Ȥޤ

  С3.3.1, 3.3.1-2 Shadow Suite  shadow-mk Ǥ
  login ץroot  suid 줿ץǥƥ
  򵯤ޤǤ顢ȤäƤϤޤ

  ɬפʥե anonymous FTP  WWW Ѥꤹ뤳ȤǤ
  

  Shadow Suite 󥹥ȡ뤵Ƥʤ Linux ƥǤϥѥɤ
  ޤ᤿桼 /etc/passwd ե˵ϿƤޤ
  ѥɤϰŹ沽줿֤ǵϿƤޤŹȤ
  碌ȤϰŹ沽(encrypt)ǤϤʤ󥳡(encode)˲᤮ʤ
  Ǥcrypt(3) Ѥʸ󤬶ǤХѥɤϥ
  ʤäƤޤǤͳ顢ʹߤʸǤ'Ź沽'ǤϤ
   '󥳡'θѤޤ

  ǥѥɤ򥨥󥳡ɤ뤿Ѥ륢르ꥺϡŪ
  ˤñΥϥåؿȸΤǤϡˤϷ׻
  䤹ɡεη׻񤷤Ȥ르ꥺǤ
  ݤΥ르ꥺˤĤƤΤܤ 2.4ᤫ crypt(3) Υޥ˥奢
  򻲾ȤƲ

  桼ѥɤ᤿硢Υѥɤϥ˷
   salt ȸƤФͤѤƥ󥳡ɤޤ뤳ȤǰĤʸ
  󤬥󥳡ɤ줿̤ȤƼꤦ̤ 4096 ̤ˤʤ
  salt ͤϥ󥳡ɤ줿ѥɤȰ˵Ͽޤ
  桼˥ѥɤϤȡޤ salt 󥳡ɤ
  ƤѥɤФޤơϤ줿ѥɤ
  salt Ѥƥ󥳡ɤƤη̤򥨥󥳡ɤ줿ʸӤ
  줬פ桼Ȥǧڤޤ

  ˥󥳡ɤ줿ѥɤꤷΥѥɤ
  ȤϷ׻麤Ǥ(ԲǽǤϤʤ)ʣʾοͤȤ
  ƥǤϾʤ餺ΥѥɤϤդ줿ñ(뤤Ϥդ줿
  ñ򾯤ѤΤ)ˤʤäƤޤ

  åϤΤ褦ʻ褯ΤäƤΤ 4096 Ƥ salt 
  ƼñȤ褯Ȥ줽ʥѥɤ򤢤餫ᥨ󥳡ɤƤ
  ޤơ/etc/passwd ˽񤫤Ƥ륨󥳡ɤѥɤ
  η̤ӤޤǰפΤĤСå¾ͤ
  ѥɤˤäȤˤʤ櫓Ǥϡּ񹶷פȸƤФ
  ǡǧڤ˥ƥ˥뤿ξʤǤ

   8 ʸʤѥɤ 13 ʸ 4096 ̤ʸ
  ɤ줫˥󥳡ɤޤäơܸͭ̾Ȥ˴ñ
  ѲĤΤ򽸤ƺä400,000 ٤μ 4GB Υϡɥǥ
  ˽ʬޤ뤯餤礭ǤåϤ򥽡ȤƤ
   /etc/passwd ʸȰפ뤫ɤĴ٤Ǥ褤Τ
  4GB Υϡɥǥ 1,000 ɥʲ㤨뤯餤Ǥ顢
  ΥåϻäƤȹͤ٤Ǥ

  ޤåǽˤʤ /etc/passwd ե줿
  ˤϥåϤΥե˴ޤޤƤsaltȤäƼ򥨥󥳡
  Ƥ椱Ф褤ˤʤäƤޤޤǥɴᥬХȤ486
  CPUĥޥ󤬤С٤ΤȤϻҶǤǤƤޤ
  

  ̤ΥǥʤƤ crack(1) Τ褦ʥ桼ƥƥѤС
  ٰʾοΥ桼륷ƥξʤȤĤϥѥɤˤ
  ȤǤޤ(桼ϼʬǳƼΥѥɤΤȤޤ)

  /etc/passwd եˤ¿ΥƥץबȤ桼 ID 䥰
  ID Τ褦ʾ󤬽񤫤ƤޤäơΥե椫
  ǤʤФʤޤ㤨С /etc/passwd եï
  ʤ褦ˤƤޤä顢ƶäϤˤʤǤ礦

  Shadow Suite ϥѥɤ̤ξ˰ܤȤǤ褷ޤ(
   /etc/shadow)Υեïɤʤ褦ꤵ
  root /etc/shadow եɤ߽񤭤ǤޤĤΥץ
  (xlock ʤ) /etc/shadow ѹϤǤʤƤ⤤Ǥѥ
  ɤγǧϹԤɬפޤΤ褦ʥץ root  SUID
  뤫shadow 롼פ°ɬפޤѥɤǧ뤿
   root  SUID ϡshadow  SGID ɤͤȸ
  ޤ

  ѥɤ /etc/shadow ˰ư뤳Ȥˤäơå
  ɤ줿ѥɤ˥Ƽ񹶷Ѥ뤳Ȥɤޤ

  äơShadow Suite ϰʲΤ褦ĹäƤޤ:

  o  ΥǥեȤꤹ륳ե졼ե
     (/etc/login.defs)
  o  桼Ȥ䥰롼פɲá뤿Υ桼ƥ
     ƥ

  o  ŤѥɤΥå

  o  Ȥδȥå

  o  Ĺѥ (16ʸΥѥ) 侩ޤ

  o  桼Υѥɷ椷䤹

  o  륢åסѥ

  o  2ǧڥץ 侩ޤ

  Shadow Suit 򥤥󥹥ȡ뤹뤳ȤǥƥΥƥ򶯲뤳
  ȤǤޤLinux ƥΥƥ궯뤿ˤϡ¾
  ˤ٤ȤϿ¿ޤƥˡȥƥ
  ˴طˤĤƲ⤹ Linux Security HOWTO ꡼Τ
  Ǥ뤳ȤǤ礦

  ΤΥƥۡˤĤƤηٹʤɡ Linux Υƥˤ
  Ƥκǿξ뤿ˤLinux Security ۡڡ
  <http://bach.cis.temple.edu/linux/linux-security/> 򻲾ȤƲ

  2.1.  shadow ѥɤȤʤۤɤ

  Shadow Suite򥤥󥹥ȡ뤹뤳Ȥʤ餺ɤȤǤϤʤĶ
  ƥ๽⤢ޤ

  o  ƥ˥桼Ȥʤ硣

  o  ԥ塼 LAN ˷ҤäƤơ桼̾ѥɤ NIS
     (Network Information Services) ͳǥͥåȥ¾Υޥ󤫤
     Ƥ硣(ʸϰϤ򳰤Ƥȡޤꥻ
     ƥ˾ʤΤޤ)

  o  ƥब NFS (Network File System) NIS ʤɤѤƥ桼ǧڤ
     뤿˥ߥʥ륵ФˤäѤ

  o  桼ǧڤϤ뤬shadow ѥɤбƤ餺
     ̵եȥȤʤФʤʤ

  2.2.  /etc/passwd եΥեޥå

  shadow Ƥʤ /etc/passwd եϰʲΤ褦ʥեޥåȤ
  ʤäƤޤ:

        username:passwd:UID:GID:full_name:directory:shell

  ǡ

     username
        桼Υ͡

     passwd
        󥳡ɤ줿ѥ
     UID
        桼 ID ()

     GID
        ǥեȤΥ롼 ID ()

     full_name
        桼̾ºݤˤϤΥեɤ GECOS (General Electric
        Comprehensive Operating System) եɤȸƤФ졢桼̾
        ʳξݻǤޤShadow Suite Υޥɤӥ饤
        ޥ˥奢ǤϥȥեɤȤƵҤƤޤ

     directory
        桼Υۡǥ쥯ȥ

     shell
        桼Υ󥷥(Хѥ)

  㤨мΤ褦ˤʤޤ:

        username:Npge08pfz4wuk:503:100:Full Name:/home/username:/bin/sh

  ǡ2եɤ Np  salt ǡge08pfz4wuk ϥ󥳡ɤ줿
  ѥɤǤƱѥɤǤ⡢salt/ѥɤȤ߹碌 kbe-
  MVnZM0oL7I Τ褦ˤʤ⤢ޤĤΥѥɤ˴ؤƥ
  󥳡ɤǽ 4096̤Ǥ(Ѥ 'password' Ȥ
  ѥɤˤ䤹ˤ˰ѥɤǤ)

  Shadow suite 󥹥ȡ뤵ȡ/etc/passwd եϰʲΤ褦
  ˤʤޤ:

        username:x:503:100:FullName:/home/username:/bin/sh

  ξ2ܤΥեɤ 'x' ñ˾ƤǤ
  ɤ줿ѥɤϴޤޤʤʤޤ /etc/passwd ե
  եޥåȼΤѤޤ󡣽äơ /etc/passwd եɤऱ
  ɥѥǧڤϹԤʤץϰ̤ưޤ

  ѥɤ shadow ե(̾ /etc/shadow) ˰ܤޤ

  2.3.  shadow եΥեޥå

  /etc/shadowեˤϰʲΤ褦ʾ󤬵ҤƤޤ:

        username:passwd:last:may:must:warn:expire:disable:reserved

  ƤϰʲΤ褦ʰ̣ޤ:

     username
        桼̾

     passwd
        󥳡ɤ줿ѥ

     last
        1970ǯ11顢ѥɤǸ˹줿ޤǤ

     may
        ˥ѥɤѹ줿Ȼפ뤫

     must
        ѥɤѹʤФʤʤ

     warn
        ѥɤδڤβ˥桼˷ٹ𤹤뤫

     expire
        ѥɴڤβ˥Ȥä뤫

     disable
        1970ǯ11顢Ȥä줿ޤǤ

     reserved
        ͽե

  ۤɤƱǤ /etc/shadow ϤΤ褦ˤʤޤ:

        username:Npge08pfz4wuk:9479:0:10000::::

  2.4.  crypt(3) γ

  crypt(3) Υ饤ޥ˥奢:

  "cryptϥѥɤΰŹ沽ؿǤ롣 Data Encryption Standard
  (DES) Υ르ꥺˡä˥Υϡɥ򤷤ˤ뤳
  Ȥä˰տޤѲĤΤ˴ŤƤ롣

  ϥ桼ϤѥɤǤ롣 󥳡ɤ줿ʸϤ
  NULLǤ롣

  salt  a-zA-Z0-9./ 椫2ʸʸǤ롣ʸϥ
  르ꥺ4096̤ΰۤʤ̤ĤŬӽФѤ
  롣

  γʸβ7ӥåȤФȤ 56ӥåȤΥ롣
  56ӥåȤΥʸ(̾0ʸޤ)򷫤֤Ź
  뤿Ѥ롣ᤷͤϰŹ沽줿ѥɤؤΥݥ󥿤Ǥ
  ꡢΥѥɤ13ʸ ASCII ʸǤ(ǽ2ʸsaltΤ
  ΤǤ)ᤷͤΥݥ󥿤ؤΰϸƤӽФȤ˾񤭤Ū
  ʥǡǤ롣

  ٹ:֤ 256(=7.2e16)Ĥͤ뤳ȤǤ롣Υ
  ̤׻Ѥõ뤳ȤǽǤ롣ޤcrack(1)
  Τ褦ʥեȥϿʹ֤ѥɤѤñ줬륭֤
  ʬ֤˹ʤäƸԤäơѥɤǤϤդ줿ñ
  ̾λѤ򤱤٤Ǥ롣ѥɤݤˤˤ䤹
  ɤΥåԤ passwd(1) ץѤɤ

  DES 르ꥺ༫ΤˤʤΤǡcrypt(3)Υ󥿥եϥѥ
  ǧڤ¾˻Ȥ٤ǤϤʤcrypt(3)Υ󥿥եŹ椽Τ
  ˴ؤץȤѤƤϤʤʤΤ褦ʾˤϡŹ沽
  Ĥƽ񤤤ƤɤܤȹѤ뤳ȤǤ DES 饤֥
  ٤Ǥ롣"

  ۤȤɤ Shadow Suites ѥåˤϥѥɤ16ʸĹ
  ɤޤޤƤޤDESȤϤ侩Ƥޤ󡣥
  ɤĹܤǤ⡢ǽ˺Ⱦʬ򥨥󥳡ɤơ˱Ⱦʬ򥨥
  ɤƤǤcryptưΤǤꡢϤᤫ
  ĹѥɤȤƤʤä٤Ƥ⡢ȼʥѥ
  äƤޤޤޤ桼16 ʸΥѥɤФƤ餦
  ȤϺǤȤͳ⤢ޤ

  cryptΤǡĹѥɤ򥵥ݡȤ(ä MD5 
  ꥺ)cryptȤθߴݻƤ褦ǧڥ르ꥺ
  ȯ褦ȤƤץȤޤ

  ⤷ɼԤŹ沽ˤĤƤɤܤõƤʤ顢ɮԤϰʲܤ
  Ƥޤ:

          "Applied Cryptography: Protocols, Algorithms, and Source Code in C"
          by Bruce Schneier <schneier@chinet.com>
          ISBN: 0-471-59756-2

  3.  Shadow Suite 

  3.1.  Linux Ѥ Shadow Suite 

  ƥ꤬ΤǡǽҤ٤ŤѥåȤäƤ
  ޤ

  ꥸʥ Shadow Suite  John F. Haugh IIˤäƺޤ
  

  Linux ƥѤƤСϤĤޤ:

  o  shadow-3.3.1 ϥꥸʥǤ

  o  shadow-3.3.1-2  Florian La Roche <flla@stud.uni-sb.de> ˤä
     񤫤줿 Linux ѤΥѥåǡȼγĥ⤷Ƥޤ

  o  shadow-mk Linux ѤΥѥåǤ

  shadow-mkѥå John F. Haugh II ᤬ۤƤ shadow-3.3.1
  ѥå shadow-3.3.1-2 ؤΥѥå Mohan Kokal
  <magnus@texas.net> ˤäƤʤ줿󥹥ȡñˤ뤿ν
  Joseph R.M. Zbiciak ˤ /bin/login  -f, -h Υץ
  ưˤĤƤΥƥۡɤ login1.c (login.secure)
  ФѥåڤӤ¾ĤѹäΤǤ

  shadow.mkѥå Ͽ侩Ƥޤ loginץΥ
  ƥ꤬ΤǻȤ٤ǤϤʤǤ礦

  С 3.3.1, 3.3.1-2  Shadow  shadow-mk Ǥloginץ
  ƥ꤬ޤlogin ΥХϥ̾Ĺ
  åʤȤΤǤˤХåեСեƥ
  ब۾ưƤޤޤƥ˥ȤäƤ
  ֤ϡΥХȶͭ饤֥Ȥä root θ¤뤳Ȥ
  ȤήޤϤˤĤƾܤä򤹤ĤϤ
  󡣱ƶ򤦤 Linux ƥ¿ɡShadow Suites
  򥤥󥹥ȡ뤷 Linux ƥС ELF ǥѥå
  ƥShadow Suites򥤥󥹥ȡ뤷ƤʤΤϴˤ餵
  Ǥ

  䡢¾ Linux ΥƥˤĤƤξ뤿
  ϡ Linux Security ۡڡ (ͭ饤֥loginץ 
  ) <http://bach.cis.temple.edu/linux/linux-security/Linux-Security-
  FAQ/Linux-telnetd.html> 򸫤Ȥ褤Ǥ礦

  3.2.  Shadow Suite 

  ߿侩ͣ Shadow Suite Ϥޤ¥СǤǿΤ
  ϺäƤĶǤϰǤꡢ loginץޤǤޤ
  

  ѥåϰʲ̾դε§ȤäƤޤ:

        shadow-YYMMDD.tar.gz

  ϡShadow Suite  YYǯMMDD ǤǤ뤳Ȥ̣ޤ

  ΥСϸߦ¥ƥǤꡢ䤬ƥС 3.3.3 ˤʤ
  礦Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl> 
  ˤäƥƥʥ󥹤Ƥꡢ shadow-current.tar.gz
  <ftp://i17linuxb.ists.pwr.wroc.pl/pub/linux/shadow/shadow-
  current.tar.gz> ǽǤ

  ޤʲΥߥ顼Ȥ⤢ޤ:

  o  ftp://ftp.icm.edu.pl/pub/Linux/shadow/shadow-current.tar.gz

  o  ftp://iguana.hut.fi/pub/linux/shadow/shadow-current.tar.gz

  o  ftp://ftp.cin.net/usr/ggallag/shadow/shadow-current.tar.gz

  o  ftp://ftp.netural.com/pub/linux/shadow/shadow-current.tar.gz

  ѤǤǿǤѤޤ礦

  shadow-960129ŤСΤΤҤ٤褦 loginץ
  ꤬ΤǻȤäƤϤޤ

  ʸ Shadow Suite Ƚ񤯻ϡΥѥåˤĤƵҤƤ
  ΤȤޤޤʤȤѥå⤳ǤΤȲꤷ
  

  ͤΤˡshadow-960129 ˴Ťƥ󥹥ȡμޤ
  

  ⤷ʤshadow-mkȤäƤʤС٤ƺƹۤƤΥС
  ˥åץ졼ɤ٤Ǥ礦

  3.3.  Shadow Suite ˤϲޤޤƤ뤫

  Shadow SuiteϰʲΥޥɤ֤ޤ:

  su, login, passwd, newgrp, chfn, chsh, and id

  ޤѥåˤϰʲοץबޤޤƤޤ:

  chage, newusers, dpasswd, gpasswd, useradd, userdel, usermod,
  groupadd, groupdel, groupmod, groups, pwck, grpck, lastlog, pwconv,
  and pwunconv

  äơѥɤ˥ɬפץ뤿Υ饤
   libshadow.a ޤޤƤޤ

  ơץΥ饤ޥ˥奢ޤޤƤޤ

  /etc/login.defs Ȥƥ󥹥ȡ뤵롢login ץե
  ޤޤƤޤ

  4.  ץΥѥ

  4.1.  ֤Ÿ

  ѥåꤷκǽκȤϤŸ뤳ȤǤѥå
   tar (Tape ARchive) ǤޤȤ᤿ gzip ǰ̤ƤΤǡޤѥ
   /usr/src ˰ưƤ鼡Τ褦ϤƲ:

        tar -xzvf shadow-current.tar.gz

  ǥѥå /usr/src/shadow-YYMMDD Ȥǥ쥯ȥŸ
  ޤ

  4.2.  config.h ˤ

  ޤǽ˹ԤʤȤMakefileconfig.h2Ĥ񤭥ԡ뤳Ȥ
  :

        cd /usr/src/shadow-YYMMDD
        cp Makefile.linux Makefile
        cp config.h.linux config.h

  ޤ config.h ե򸫤ƤΥեˤꥪץ
  񤫤Ƥޤ⤷ʤ侩ƤѥåѤƤ
  ˤϡޤ롼פshadowݡȤޤ̵ˤޤ礦

  ɸǤϥ롼פΥѥɤͭˤʤäƤޤ̵ˤ뤿
  ˤconfig.hԽ#define SHADOWGRP  #undef SHADOWGRP ѹ
  ȤꤢϤ̵ˤƤȤ˥롼פΥѥ
  䥰롼פδԤɬפȤʤä Shadow Suite ƥѥ뤹
  Ǥ礦⤷ͭʤޤޤˤƤΤʤС/etc/gshadow ե
  ʤФʤޤ

  Ĺѥɤͭˤ뤳Ȥ˽Ҥ٤ͳΤᡢ侩ޤ

  #undef AUTOSHADOW ФѹƤϤޤ

  AUTOSHADOW ץ shadow Ǥʤץⵡǽ褦
  ˤ뤿߷פ줿ΤǤɤȤΤ褦˻פޤ
  ưޤ󡣤Υץͭˤroot ǥץ¹Ԥ
  ȡ getpwnam() ؿƤӽФ줿ˤѹ줿ȥ꡼
  /etc/passwd ե˽ᤷƤޤޤ (Ϥshadow 줿
  ɤʤʤäƤޤ) chfn  chsh ˳ץ
  getpwnam()ƤӽФ˿UIDȼ¸UID򤦤ޤؤ뤳Ȥǲ
  ȤˡϻȤޤ chfn  chsh  root ¤ư뤫
  

  libc ˤƱ̣ SHADOW_COMPAT ץ󤬤ޤƱ
   libc ݤˤƤϤޤޤȤ٤ǤϤޤ

  ⤷/etc/passwdե˥󥳡ɤ줿ѥɤ褦ʤ
  Ǥ

  ⤷4.6.27 ΥСlibcȤäƤʤ顢
  config.hMakefile򤽤줾ѹɬפޤ config.h ϰʲ
  ʬ:

        #define HAVE_BASENAME

  Τ褦ѹƤ:

        #undef HAVE_BASENAME

  Makefile ˤĤƤƱͤǤ:

        SOBJS = smain.o env.o entry.o susetup.o shell.o \
                sub.o mail.o motd.o sulog.o age.o tz.o hushed.o

        SSRCS = smain.c env.c entry.c setup.c shell.c \
                pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \
                tz.c hushed.c

        SOBJS = smain.o env.o entry.o susetup.o shell.o \
                sub.o mail.o motd.o sulog.o age.o tz.o hushed.o basename.o

        SSRCS = smain.c env.c entry.c setup.c shell.c \
                pwent.c sub.c mail.c motd.c sulog.c shadow.c age.c pwpack.c rad64.c \
                tz.c hushed.c basename.c

  libc 4.6.27 ʹߤǤϤѹbasename.cФƹԤƤޤ

  4.3.  ΥץΥХååפκ

  Shadow Suite ֤Ƥޤץ򤢤餫ǧƤ
  ХååפäƤΤɤͤǤSlackware 3.0 ѥåǤ
  ʲΥե뤬ޤ:

  o  /bin/su

  o  /bin/login

  o  /usr/bin/passwd

  o  /usr/bin/newgrp

  o  /usr/bin/chfn

  o  /usr/bin/chsh

  o  /usr/bin/id

  ǥѥåˤ Makefile save ȤåȤޤ
  ȥȤƤޤѥåۤʤХץ֤
  ʤ뤫Ǥ

  /etc/passwdեΥХååפäƤۤɤǤ
  passwdޥɤƱǥ쥯ȥ֤ƾ񤭤Ƥޤʤ褦
  ˡ̤̾ˤޤ礦

  4.4.  Make μ¹

  󥹥ȡȤΤۤȤɤrootȤƹԤɬפޤ

  ѥåμ¹ԥե򥳥ѥ뤹뤿 make ¹ԤƲ:

        make all

  rcsid defined but not used Ȥ˥󥰤Ф뤫⤷ޤ󤬡
  ̵뤷ƹޤ󡣤ϺԤСġȤäƤ뤿
  ΤǤ

  5.  󥹥ȡ

  5.1.  ƥ˲ƤΥ֡ȥǥ

  ǰλ֤ơ֡ȥǥäƤޤ礦ƥ򥤥
  ȡ뤷Υ֡ȥǥȥ롼ȥǥнʬǤ̵
  ˤϡ֡ȥǥκˤĤƤ񤫤Ƥ Bootdisk-
  HOWTO <http://sunsite.unc.edu/mdw/HOWTO/Bootdisk-HOWTO.html> 򻲾Ȥ
  Ʋ

  5.2.  ʣ륪饤ޥ˥奢κ

  ֤Ťޥ˥奢Ϥɤ˰ܤƤ٤ǤХåå
  ʤ Shadow Suite 򥤥󥹥ȡ뤹Ǥ⡢Ťޥ˥奢ä
  ޤʤǤ礦Ťޥ˥奢Ϥ餯̤ƤΤǡ
  ޥ˥奢Ϥޤ񤭤ʤǤ

  man -aW  locate ޥɤȤäưư()٤ޥ˥奢ΰ֤Ĵ
  ٤뤳ȤǤޤŪˤ make install ¹Ԥ¹Ԥ
  Ťޥ˥奢ξ򸫤ĤΤưפǤ

  Slackware 3.0 ѥåξˤϺ٤ޥ˥奢ϰʲξˤ
  ޤ:

  o  /usr/man/man1/chfn.1.gz

  o  /usr/man/man1/chsh.1.gz

  o  /usr/man/man1/id.1.gz

  o  /usr/man/man1/login.1.gz

  o  /usr/man/man1/passwd.1.gz

  o  /usr/man/man1/su.1.gz

  o  /usr/man/man5/passwd.5.gz

  /var/man/cat[1-9] ˤƱ̾Υ饤ޥ˥奢뤬뤫Τʤ
  Τǡкɬפޤ

  5.3.  make install μ¹

  ʲΥޥɤ¹Ԥޤ礦:(rootˤʤäƤ¹ԤƲ)

        make install

  ǡץڤ֤ץब󥹥ȡ뤵
  졢եΥѡߥå󤬽ޤޤ饤ޥ˥奢
  ⥤󥹥ȡ뤵ޤ

  Shadow Suite Υ󥯥롼ɥե뤬  (/usr/include/shadow)
  ˥󥹥ȡ뤵줿ɤǧƲ

  ǥѥåȤäƤˤϡlogin.defsư /etcإԡ
  ơroot ɤ߽񤭤Ǥʤ褦ˤʤФʤޤ

        cp login.defs /etc
        chmod 700 /etc/login.defs

  ΥեloginץեǤΥեϤʤ
  Υƥ˹碌ѹƤΥեǤϡɤ tty 
  root Υʤɥƥ˴ؤ(ѥɤδ
  ʤ)Ǥޤ

  5.4.  pwconv μ¹

  Υƥåפ pwconv ¹Ԥ뤳ȤǤroot ¤ǹԤʤ
  Фʤޤ󡣤ޤ/etc ǥ쥯ȥذưƤ¹ԤƲ:

        cd /etc
        /usr/sbin/pwconv

  pwconv  /etc/passwd γƥեɤФơ /etc/npasswd 
  /etc/nshadow 2ĤΥեޤ

  pwunconv Ȥޥɤ⤢ꡢ⤷ɬפʤ /etc/passwd 
  /etc/shadow ̤ /etc/passwd 뤳ȤǤޤ

  5.5.  npasswd  nshadow Υ͡

  pwconv ¹ԤȤ /etc/npasswd  /etc/nshadow 줿Ϥ
  Υե򤽤줾 /etc/passwd  /etc/shadow ˾񤭤
  񤭤ˤϸ /etc/passwd ΥХååפꡢ
  Хååפ root ʳΥ桼ɤʤ褦ˤƤޤ礦Х
  åפ root Υۡǥ쥯ȥ˺ɤǤ礦:

        cd /etc
        cp passwd ~passwd
        chmod 600 ~passwd
        mv npasswd passwd
        mv nshadow shadow

  ˡեΥʤȥѡߥåɤǧޤ
   X-Window System ȤäƤʤСxlock  xdm  shadow ե
  ɤ褦ˤʤäƤʤФʤޤ(񤭹ߤǤɬפϤ
  ޤ)

  ˤ2ĤˡޤĤϡxlock root  SUID ˡ
  (xdm Ϥˤ root ȤưΤǴطޤ) ⤦
  Ĥ shadow եνͭԤrootˡ롼פshadowˤˡ
  Τ褦ˤˤϡ/etc/group ե򸫤ơ shadow 
  롼פ뤫ɤޤǧƤshadow 롼פ°
  ϰͤ⤤ƤϤޤ
        chown root.root passwd
        chown root.shadow shadow
        chmod 0644 passwd
        chmod 0640 shadow

  ǤʤΥƥΥѥɤ shadow ޤǡ
  ü򳫤ƥ󤬤Ǥ뤫ɤǧƤߤޤ礦

  äƤߤޤ礦

  ⤷ޤʤϡɤǴְ㤨Ƥޤshadow Ƥ
  ֤᤹ˤϰʲΤ褦ʼ³ԤäƲ:

        cd /etc
        cp ~passwd passwd
        chmod 644 passwd

  ǽ˥Хååפä¾Υեᤷޤ礦

  6.  åץ졼ɤ뤫ѥåƤɬפץ

  Shadow Suite ˤϥѥɤ˥ץۤȤɤʤ
  ޤǤޤۤȤɤΥƥǤ¾ˤ⤤ĤΥץबɬ
  Ȥʤޤ

  Debian ѥåǤ(ǤʤǤ⹽ޤ)ʲξ꤫
  ƥκƹۤɬפʥץ Debian ѥåΤΥ
  뤳ȤǤޤ ftp://ftp.debian.org/debian/stable/source/

  λĤadduser, wu_ftpd, ftpd, pop3d, xlock, xdm and sudo 
  Shadow Suite 򥵥ݡȤǤ褦ˤ뤿Ԥåץ졼ɤˤĤ
  ޤ

  ¾Υץ shadow ݡȤǤ褦ˤˡ ``Cץ
  Shadow Suite бˡ'' ξϤ򻲾ȤƲ(ºݤ shadow
  ե˥뤿ˤ root  SUID 뤫 shadow  SGID 
  ɬפޤ)

  6.1.  Slackware adduser program

  Slackware ѥå(餯¾Υѥåˤ)ˤ /sbin/adduser 
  Ū˿桼ɲäץबޤޤƤޤΥץ
   shadow бǤ ftp://sunsite.unc.edu/pub/Linux/
  system/Admin/accounts/adduser.shadow-1.4.tar.gz Ǥޤ

  ɮԤ slackware adduserShadow Suite˴ޤޤƤץ
  (useradd, usermod, userdel)ȤȤ򴫤ޤȤϿ˳Ф
  ʤФʤޤ󤬡βͤϤޤ٤椬Ǥ
   (adduserǤϹԤʤ) /etc/passwd  /etc/shadowΥå󥰤
  Ƥ뤫Ǥ

  ܤ ``Shadow Suite ȤäƤߤ'' ξϤ򸫤Ƥ

  Ǥ adduser ȤʤСʲΤ褦ʼǥ󥹥ȡ뤷
  :

        tar -xzvf adduser.shadow-1.4.tar.gz
        cd adduser
        make clean
        make adduser
        chmod 700 adduser
        cp adduser /sbin

  6.2.  wu_ftpd 

  ʬ Linux ƥǤ wu_ftpd ФȤäƤޤ⤷ʤ
  λȤäƤѥå Shadow Suite󥹥ȡ뤵Ƥʤ
  硢wu_ftpd  shadow 򥵥ݡȤ褦ˤϤʤäƤʤǤ
  wu_ftpd  inetd/tcpd rootΥץȤƵưޤ⤷
  ʤŤ wu_ftpd ǡ餻Ƥʤ顢С夲Ƥ
  ŤС rootΥȤǧƤޤХäƤ
  뤳ȤΤƤ뤫Ǥ(ܤ Linux security ۡڡ
  <http://bach.cis.temple.edu/linux/linux-security/Linux-Security-
  FAQ/Linux-wu.ftpd-2.4-Update.html>) 򻲾ȤƲ )

  shadow ͭˤ뤿ˤϥɤꤷƺƥѥ뤹
  Ǥ

  ELF ƥǤʤˤϡwu_ftpФ Sunsite  wu-
  ftp-2.4-fixed.tar.gz
  <ftp://sunsite.unc.edu/pub/Linux/system/Network/file-transfer/wu-
  ftpd-2.4-fixed.tar.gz> ֤̾ƤΤѤǤޤ

  եꤷ顢Υե /usr/src ֤Ƥ顢ʲΤ褦
  ԤäƤ:

        cd /usr/src
        tar -xzvf wu-ftpd-2.4-fixed.tar.gz
        cd wu-ftpd-2.4-fixed
        cp ./src/config/config.lnx.shadow ./src/config/config.lnx

   ./src/makefiles/Makefile.lnx եΰʲʬ:

        LIBES    = -lbsd -support

  Τ褦ѹޤ:

        LIBES    = -lbsd -support -lshadow

  ơ¹ԥեץȤμ¹Եڤӥ󥹥ȡԤޤ:

        cd /usr/src/wu-ftpd-2.4-fixed
        /usr/src/wu-ftp-2.4.fixed/build lnx
        cp /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd.old
        cp ./bin/ftpd /usr/sbin/wu.ftpd

  ϡLinux  shadow եȤäƥФΥѥڤӥ
  󥹥ȡԤޤ

  ɮԤ Slackware 2.3 ƥǤϼ¹ԥեץȤ¹Ԥ
  ˰ʲԤɬפޤ:

        cd /usr/include/netinet
        ln -s in_systm.h in_system.h
        cd -

  ELF ƥǤϥѥ뤬ޤʤȤ𤵤Ƥޤ
  Υ꡼ΦǤȤФޤ褦Ǥϡwu-
  ftp-2.4.2-beta-10.tar.gz <ftp://tscnet.com/pub/linux/network/ftp/wu-
  ftpd-2.4.2-beta-10.tar.gz> ȤǤޤ

  եꤷ顢 /usr/src ֤ơʲԤäƤ
  :

        cd /usr/src
        tar -xzvf wu-ftpd-2.4.2-beta-9.tar.gz
        cd wu-ftpd-beta-9
        cd ./src/config

   config.lnx եΰʲʬ

        #undef SHADOW.PASSWORD

  Τ褦ѹޤ

        #define SHADOW.PASSWORD

  줫顢

        cd ../Makefiles

  Ԥȥǥ쥯ȥѹƤ Makefile.lnx ե

        LIBES = -lsupport -lbsd # -lshadow

  ʬ򼡤Τ褦ѹޤ

        LIBES = -lsupport -lbsd -lshadow

  Ƽ¹ԥեȥ󥹥ȡԤޤ:

        cd ..
        build lnx
        cp /usr/sbin/wu.ftpd /usr/sbin/wu.ftpd.old
        cp ./bin/ftpd /usr/sbin/wu.ftpd

  /etc/inetd.conf ե wu_ftpd Τ֤꤬񤫤Ƥ뤫ɤ
  ǧΤ˺ʤ褦ˤޤ礦ѥåˤäƤϥХ
  ־꤬㤤wu_ftpd ̤̾ˤʤäƤΤ⤢Ȥ
  𤬤ޤ

  : Slackware 3.1 Ǥ shadow ѥɲԤä硢wu-ftpd Υ
  ѥ˼Ԥ礬ޤΤ褦ʥ顼Фˤ
  src/makefiles/Makefile.lnx  CFLAGS  "-DDIRENT_ILLEGAL_ACCESS" 
  ƤߤƤ (ξϹСŵ礵ĺޤ)

  ______________________________________________________________________
  gcc -O2 -fomit-frame-pointer -I.. -I../support -I/usr/include/bsd -L../suppors
   -c glob.c -o glob.o
  glob.c: In function `matchdir':
  glob.c:284: dereferencing pointer to incomplete type
  make: *** [glob.o] Error 1
  ______________________________________________________________________

  6.3.  ɸ ftpd

  ɸ ftpd ФȤäƤˤ wu_ftpd Ф˥åץ졼
  뤳Ȥ򴫤ޤҤ٤ХСȤƤ뤫
  Ǥ

  ɤƤɸΤΤȤ䡢NIS 򥵥ݡȤɬפ
  ˤ Sunsite  ftpd-shadow-nis.tgz
  <ftp://sunsite.unc.edu/pub/Linux/system/Network/file-transfer/ftpd-
  shadow-nis.tgz> ꤷƲ

  6.4.  pop3d (Post Office Protocol 3)

  ⤷POP3(the third Post Office Protocol) 򥵥ݡȤɬפ
  ˤ pop3d ƥѥ뤹ɬפޤ pop3d  inet/tcpd 
  root¤Ǽ¹Ԥޤ

  Sunsite 2ĤΰۤʤСΤΤǤޤ:
  pop3d-1.00.4.linux.shadow.tar.gz
  <ftp://sunsite.unc.edu/pub/Linux/system/Mail/pop/pop3d-1.00.4.linux.shadow.tar.gz>
   pop3d+shadow+elf.tar.gz
  <ftp://sunsite.unc.edu/pub/Linux/system/Mail/pop/pop3d+shadow+elf.tar.gz>
  Ǥ

  ɤξʤ󥹥ȡǤǤ礦

  6.5.  xlock

  Shadow Suite 򥤥󥹥ȡ뤷X Window ƥ xlock 򥢥åץ
  졼ɤʤޤޤǼ¹Ԥˤϡ CNTL-ALT-Fx ̤Υ󥽡
  ؤƥ xlock Υץ򻦤(뤤 CNTL-ALT-BS  X 
  Ф򻦤)ʳˤɤ褦ʤ֤ˤʤäƤޤޤʤȤˡ
  xlock 򥢥åץ졼ɤΤϤȤƤñǤ

  ⤷XFree86 ΥС 3.x.x ѤƤˤϡ xlockmore
  (lock ǽ˲äƥ꡼󥻡еǽ)ȤäƤȻפޤ
  ΥѥåϺƥѥ뤹뤳Ȥ shadow 򥵥ݡȤǤޤŤ
  xlock ȤäƤˤ xlockmore ˥åץ졼ɤ뤳Ȥ򴫤
  

  xlockmore-3.5.tgz ϰʲξǤޤ:
  <ftp://sunsite.unc.edu/pub/Linux/X11/xutils/screensavers/xlockmore-3.7.tgz>

  󥹥ȡϴŪˤϰʲΤ褦ǹԤޤ:

  xlockmore-3.5.tgz ꤷ/usr/src Ÿޤ:

        tar -xzvf xlockmore-3.7.tgz

  /usr/X11R6/lib/X11/config/linux.cf Խ

        #define HasShadowPasswd    NO

        ιԤ

        #define HasShadowPasswd    YES

  Τ褦ѹޤ

  ơ¹ԥեޤ:

        cd /usr/src/xlockmore
        xmkmf
        make depend
        make

  եưʤȥѡߥåꤷޤ:

        cp xlock /usr/X11R6/bin/
        cp XLock /var/X11R6/lib/app-defaults/
        chown root.shadow /usr/X11R6/bin/xlock
        chmod 2755 /usr/X11R6/bin/xlock
        chown root.shadow /etc/shadow
        chmod 640 /etc/shadow

  ǡޤư xlock ǤϤǤ

  6.6.  xdm

  xdm X Window Υ̤ɽץǤ run
  level ˰ܹԤȤxdm¹Ԥ륷ƥ⤢ޤ
  (/etc/inittab)

  Shadow SuiteΥ󥹥ȡԤʤȡxdm⹹ʤФʤޤ
  xdmΥåץ졼ɤϴñʤΤꤢޤ

  xdm.tar.gz ϰʲURLǤޤ:
  <ftp://sunsite.unc.edu/pub/Linux/X11/xutils/xdm.tar.gz>

  xdm.tar.gz եꤷơ/usr/src֤ƤʲΤ褦ˤŸ
  ޤ:

        tar -xzvf xdm.tar.gz

  /usr/X11R6/lib/X11/config/linux.cf 

        #define HasShadowPasswd    NO

        ʬ

        #define HasShadowPasswd    YES

  Τ褦ѹޤ

  ¹ԥեޤ:

        cd /usr/src/xdm
        xmkmf
        make depend
        make

  ե򥤥󥹥ȡ뤷ޤ:

        cp xdm /usr/X11R6/bin/

  xdm  root ¤ưΤǥեΥѡߥåѤɬפϤ
  ޤ

  6.7.  sudo

  sudoץϥƥԤ̾root¤ɬפȤץ
  ˼¹Ԥ뤿ѤޤԤrootΥȤؤΥ
  ¤ޤޤǡ桼˥ǥΥޥĤȤ
  ʥץǤ

  sudo ϼ¹Ԥ줿˥桼ΥѥǧڤԤΤǡѥɥե
  ɤʤФʤޤsudo Ϻǽ餫root SUID ư
  Τǡ/etc/shadow ؤΥˤĤƤꤢޤ

  Shadow Suit б sudo ϰʲURLǤޤ:
  <ftp://sunsite.unc.edu/pub/Linux/system/Admin/sudo-1.2-shadow.tgz>

  ٹ: sudo򥤥󥹥ȡ뤹ݤ /etc/sudoersեɸΤΤ
  ƤޤޤǤ顢ɸξ֤ѹˤϥХ
  åפäƤɬפޤ(Makefile ѹɸΥե
  /etc˥ԡʬνȤˡ⤢ޤ)

  Υѥåϴ shadow б꤬ʤƤΤǡѥå
  ƥѥ뤹ѤǤޤ( /usr/src ŸƲ
  ):

        cd /usr/src
        tar -xzvf sudo-1.2-shadow.tgz
        cd sudo-1.2-shadow
        make all
        make install

  6.8.  imapd (E-Mail pine ѥå)

  imapd  pop3d Τ褦ʥ᡼륵ФǤ imapd  pine E-mail ѥå
  °Ƥޤѥå°ɥȤˤ Linux 
  ƥФɸ shadow 򥵥ݡȤƤȽ񤫤Ƥޤ
  ʤҤǤˡΥѥåǤϼ¹ԥե
  ץȤ Makefile ȹ礻ɬפǡѥlibshadow.a
  ä뤳Ȥ񤷤ΤǤ櫓ǡϤޤ imapd  shadow
  ݡȤ褦ˤϤǤƤޤ

  ⤷ͤޤ顢ɮԤΤȤ˥᡼Τ餻Ƥ
  ιܤ˲äȻפޤ

  6.9.  pppd (PPP ץȥ륵)

  pppd ФǧڤʣѤǤ褦Ǥޤ Password
  Authentication Protocol (PAP)  Cryptographic Handshake
  Authentication Protocol (CHAP)Ǥpppd Ф̥ѥʸ
   /etc/ppp/chap-secrets  /etc/ppp/pap-secrets (뤤ξ)
  ޤpppd ɸư򤵤Ƥˤ pppd ƥ󥹥ȡ뤹
  ɬפϤޤ

  pppd loginѥ᡼Ȥ褦ˤ뤳ȤǤޤ(ޥɥ饤
  եǻꤹ뤫 options եǻ)⤷login 
  󤬻ꤵ pppd  PAP  /etc/passwd եΥ桼͡
  ȥѥɤȤޤѥɤ shadow Ȥ󡢤ư
  ʤʤޤ pppd-1.2.1d Ǥ shadow 򥵥ݡȤ뤿ˤϥץ
  ѹʤФʤޤ

  ξϤǤ pppd-1.2.1d(С󤬸Ť pppd) shadow ݡ
  äȤΤǤ

  pppd-2.2.0 Ǥϴ shadow бԤƤޤ

  7.  Shadow Suite ȤäƤߤ

  ξϤǤϥƥShadow Suite򥤥󥹥ȡ뤷ΤäƤ٤
  Ȼפ뤳ȤޤܤϳƥޥɤΥ饤
  ˥奢򻲾ȤƤ

  7.1.  桼ɲáѹ

  Shadow Suite ˤϥ桼ɲáѹ뤿Υץबޤޤ
  ƤޤadduserץäƤ뤫⤷ޤ

  7.1.1.  useradd

  useraddޥɤϥƥ˥桼ɲä뤿Ѥޤɸ
  ѤȤˤ⤳Υޥɤ¹Ԥޤ

  ǽ˹Ԥʤ٤ȤɸǧƤʤΥƥ˹碌ѹ
  ä뤳ȤǤ:

        useradd -D

  ______________________________________________________________________
  GROUP=1
  HOME=/home
  INACTIVE=0
  EXPIRE=0
  SHELL=
  SKEL=/etc/skel
  ______________________________________________________________________

  ɸϤ餯ʤǤ礦顢桼äȤ˳ƥ桼
  ФƤιܤ򤤤ꤹ⡢ɸѤƤޤ
  ޤ礦

  ɮԤΥƥǤϰʲΤ褦ѤƤޤ:

  o  ɸΥ롼 ID  100 

  o  ѥɤδ¤ 60 

  o  ѥɤδڤˤ륢ȤΥåϹԤʤʤ

  o  ɸΥ/bin/bash 

     Τ褦ѹԤʤˤϼΥޥɤ¹Ԥޤ:

        useradd -D -g100 -e60 -f0 -s/bin/bash

  ξ֤ useradd -D ¹ԤȰʲη̤ޤ:

  ______________________________________________________________________
  GROUP=100
  HOME=/home
  INACTIVE=0
  EXPIRE=60
  SHELL=/bin/bash
  SKEL=/etc/skel
  ______________________________________________________________________

  ⤷ΤꤿСɸ/etc/default/useradd եǳ
  ǧǤޤ

  ǥ桼ɲä useradd Ȥ褦ˤʤޤ㤨Сɸ
  Ȥäƥ桼 fred ɲä뤿ˤϰʲΤ褦Ԥʤ
  :

        useradd -m -c "Fred Flintstone" fred

  Υޥɤ/etc/passwd ե˰ʲΤ褦ʥȥ꡼
  :

        fred:*:505:100:Fred Flintstone:/home/fred:/bin/bash

  ޤ/etc/shadowե˰ʲΥȥ꡼ޤ:

        fred:!:0:0:60:0:0:0:0

  -mץ󤬤ĤƤΤǡ桼fred Υۡǥ쥯ȥ
  졢/etc/skelǥ쥯ȥƤԡޤ

  UID ϻꤷƤʤƤŬ˷Ƥޤ

  fredΥȤǤޤȤΥåʤ
  fredϥ󤹤뤳ȤϤǤޤ󡣥åβϥѥɤѤ
  ȤˤäƹԤʤޤ

        passwd fred

  ______________________________________________________________________
  Changing password for fred
  Enter the new password (minimum of 5 characters)
  Please use a combination of upper and lower case letters and numbers.
  New Password: *******
  Re-enter new password: *******
  ______________________________________________________________________

   /etc/shadowϰʲΤ褦Ƥˤʤޤ:

        fred:J0C.WDR1amIt6:9559:0:60:0:0:0:0

  ơfredϥƥ˥Ǥ褦ˤʤޤ¾Υץ
  ʤ useradd Ȥ/etc/passwd /etc/shadowѹԲʬ˹Ԥ
  뤳ȤǤĤޤꡢʤ桼ϿΤƱ¾Υ桼
  ѥɤѹȤƤ⡢ξȤ¹Ԥޤ

  ľ /etc/passwd  /etc/shadow ԽΤϤơѰդ줿ޥ
  ɤѤ٤Ǥʤ /etc/passwd ԽƤ֤ˡ
  ѥɤѹȤȡΥ桼ΥѥѹϤʤ
  ե򥻡֤˼Ƥޤޤ

  ʲ˼ΤuseraddpasswdȤäñŪ桼ɲåץ
  Ǥ

  ______________________________________________________________________
  #!/bin/bash
  #
  # /sbin/newuser - A script to add users to the system using the Shadow
  #                 Suite's useradd and passwd commands.
  #
  # Written my Mike Jackson <mhjack@tscnet.com> as an example for the Linux
  # Shadow Password Howto.  Permission to use and modify is expressly granted.
  #
  # This could be modified to show the defaults and allow modification similar
  # to the Slackware Adduser program.  It could also be modified to disallow
  # stupid entries.  (i.e. better error checking).
  #
  ##
  #  Defaults for the useradd command
  ##
  GROUP=100        # Default Group
  HOME=/home       # Home directory location (/home/username)
  SKEL=/etc/skel   # Skeleton Directory
  INACTIVE=0       # Days after password expires to disable account (0=never)
  EXPIRE=60        # Days that a passwords lasts
  SHELL=/bin/bash  # Default Shell (full path)
  ##
  #  Defaults for the passwd command
  ##
  PASSMIN=0        # Days between password changes
  PASSWARN=14      # Days before password expires that a warning is given
  ##
  #  Ensure that root is running the script.
  ##
  WHOAMI=`/usr/bin/whoami`
  if [ $WHOAMI != "root" ]; then
          echo "You must be root to add news users!"
          exit 1
  fi
  ##
  #  Ask for username and fullname.
  ##
  echo ""
  echo -n "Username: "
  read USERNAME
  echo -n "Full name: "
  read FULLNAME
  #
  echo "Adding user: $USERNAME."
  #
  # Note that the "" around $FULLNAME is required because this field is
  # almost always going to contain at least on space, and without the "'s
  # the useradd command would think that you we moving on to the next
  # parameter when it reached the SPACE character.
  #
  /usr/sbin/useradd -c"$FULLNAME" -d$HOME/$USERNAME -e$EXPIRE \
          -f$INACTIVE -g$GROUP -m -k$SKEL -s$SHELL $USERNAME
  ##
  #  Set password defaults
  ##
  /bin/passwd -n $PASSMIN -w $PASSWARN $USERNAME >/dev/null 2>&1
  ##
  #  Let the passwd command actually ask for password (twice)
  ##
  /bin/passwd $USERNAME
  ##
  #  Show what was done.
  ##
  echo ""
  echo "Entry from /etc/passwd:"
  echo -n "   "
  grep "$USERNAME:" /etc/passwd
  echo "Entry from /etc/shadow:"
  echo -n "   "
  grep "$USERNAME:" /etc/shadow
  echo "Summary output of the passwd command:"
  echo -n "   "
  passwd -S $USERNAME
  echo ""
  ______________________________________________________________________

  桼ɲä˥ץȤѤ뤳Ȥľ/etc/passwd
  /etc/shadowԽꡢSlackware  adduserץѤ
  ˾ޤǤΥץȤ򤢤ʤΥƥ˹碌ѹƻȤ
  Ƥ

  useraddˤĤƤΤܤϥ饤ޥ˥奢򻲾ȤƤ
  

  7.1.2.  usermod

  usermodץϥ桼ˤĤƤξѹ뤿ΤΤǤ
  useraddȤۤȤƱǤ

  fredΥѤ褦Ȼפä顢ʲΤ褦򤷤ޤ:

        usermod -s /bin/tcsh fred

  ˤäơ/etc/passwdfredΥȥ꡼ϼΤ褦ѹޤ:

        fred:*:505:100:Fred Flintstone:/home/fred:/bin/tcsh

  ˡfredΥȤδ¤ 1997ǯ915ꤷƤߤޤ礦:

        usermod -e 09/15/97 fred

  /etc/shadowfredΥȥ꡼ϼΤ褦ѹޤ:

        fred:J0C.WDR1amIt6:9559:0:60:0:0:10119:0

  usermodˤĤƤΤܤϥ饤ޥ˥奢򻲾ȤƤ
  

  7.1.3.  userdel

  userdel̤̾ꡢ桼ΥȤäޤȤñ

        userdel -r username

  ϤǤ -rץĤȥ桼Υۡǥ쥯ȥ
  (ۡǥ쥯ȥꤽΤΤޤ)õޤۤʤե륷
  ˤեϼȤǾõʤФʤޤ

  ȤäΤǤϤʤñ˥åξˤ passwdޥ
  ɤȤޤ

  7.2.  passwd ޥɤȥѥɤδ

  passwdޥɤ̤ΥѥѹεǽäƤޤ˲ä
  ơ桼rootǼ¹ԤˤϡʲΤȤǤޤ

  o  ȤΥåڤӤβ (-l  -u)

  o  ѥɤκû֤ͭ (-x)

  o  ѥѹޤǤκû(-n)

  o  ¤ڤѥɤФƲٹ𤹤뤫 (-w)

  o  ѥɤδڤ줫饢ȤΥåޤǤ is
     locked (-i)

  o  Ⱦ񤷤ɽ(-S)

  ȤơƤӥ桼fred򸫤Ƥߤޤ礦

        passwd -S fred
        fred P 03/04/96 0 60 0 0

  ϡfredΥѥɤͭǤ뤳ȡѹ1996ǯ3 4
  äȡĤǤѹǽǤ뤳ȡ60˴ڤˤʤ뤳
  ȡfred ˤϷٹϤʤʤȡѥɤڤˤʤäƤ⥢
  Ȥ̵ȤʤʤȤ̣Ƥޤ

  ϡѥɤڤˤʤäƤfred󤹤ȿѥ
  ɤ׵᤹ץץȤФƤȤȤǤ

  ⤷fredΥѥɤڤˤʤ14˷ٹФڤ
  14ˤϥȤߤȤʤ褦ˤ뤿ˤϼΤ褦̿Ϳ
  ޤ

        passwd -w14 -i14 fred

  ΤȤfredξϼΤ褦ˤʤޤ

        fred P 03/04/96 0 60 14 14

  ܺ٤ˤĤƤpasswdΥ饤ޥ˥奢򻲾ȤƤ

  7.3.  login.defs ե

  /etc/loginեloginץShadow SuiteΤե
  

  /etc/login եϥץץɽ顢桼ѥѹ򤷤
  ɸΥѥɴ¤Ϥɤʤ뤫ޤǤäƤޤ

  /etc/login.defs ˾ܤȤޤĤդ٤
  ޤ

  o  ȯ󥰤̤ꤹե饰(on 뤤 off ˤǤ)
     

  o  ¾եؤΥݥ󥿤ޤ

  o  ѥɤ aging ʤɤˤĤƤɸޤ

  ΤȤפʥեǤ뤳Ȥ狼ȻפޤǤ顢
  ե뤬ΤΤ¸ߤ뤳ȤˤʤäƤ뤫ɤɬ
  ǧƤ

  7.4.  롼פΥѥ

  /etc/groupsեΥ롼פΥФˤʤ뤿Υѥɤ
  ळȤޤεǽϥѥ /usr/src/shadow-
  YYMMDD/config.h եSHADOWGRP Ƥͭˤʤä
  ޤ

  ƥѥԤʤäʤС/etc/gshadowե
  ꡢ롼פΥѥɵڤӥ롼״ԤˤĤƤξݻʤ
  Фʤޤ

  /etc/shadow եäˤ pwconvȸƤФץȤ
  /etc/gshadowФƤϤΤϤޤ󡣤
  ΥեäԽɬפϤʤΤˤϤʤޤ

  ǽ /etc/gshadow ե뤿ˤϰʲԤʤޤ

        touch /etc/gshadow
        chown root.root /etc/gshadow
        chmod 700 /etc/gshadow

  롼פȼưŪ/etc/groupڤ /etc/gshadowե
  äޤ桼ɲä롼פΥѥɤѹʤɤν
  Ԥʤ줿ˤ /etc/gshadowեѹޤ

  Shadow Suite ˴ޤޤ륰롼פѹ뤿ΥץȤgroups,
  groupadd, groupmod, groupdelޤ

  /etc/group եΥեޥåȤϼΤ褦ˤʤäƤޤ

        groupname:!:GID:member,member,...

  ƥեɤƤϼΤ褦ˤʤäƤޤ:

     groupname
        롼̾

     !  ̾ϥѥɤݻեɤǤ뤬 Shadow Suite Ǥ
        ѥɤ/etc/gshadow ե˳Ǽ

     GID
        롼ID()

     member
        롼פΥФΥꥹ

  /etc/gshadow եΥեޥåȤϼΤ褦ˤʤޤ

        groupname:password:admin,admin,...:member,member,...

  ƥեɤƤϤϰʲΤ褦ˤʤäƤޤ:

     groupname
        롼פ̾

     password
        󥳡ɤ줿ѥ

     admin
        롼פδԤΥꥹ

     member
        롼פΥФΥꥹ

  gpasswdޥɤϥ롼פФƴԤ桼ɲõڤӺԤʤ
  ˤȤޤroot䥰롼פδԥꥹȤäƤ桼ϥ
  פΥФɲäԤʤȤǤޤ

  롼פΥѥɤ root 롼פδԥꥹȤäƤ桼
  passwdޥɤѤ뤳ȤѹǤޤ

  ߤΤȤgpasswdޥɤΥ饤ޥ˥奢Ϥޤ󤬡
  ᡼ʤgpasswd¹Ԥ뤳Ȥǥץǧ뤳Ȥ
  ޤեΥեޥåȤỌ̇̄򤷤ƤХޥɤɤΤ褦
  ưΤİ뤳ȤϴñǤ
  7.5.  åץ

  7.5.1.  pwck

  ץpwck/etc/passwd/etc/shadow Ƥ˰뤫ɤ
  Ĵ٤뤿ΤΤǤΥץϤ줾Υ桼̾ˤĤưʲ
  ιܤĴ٤ޤ:

  o  եɤο

  o  Ʊ̾Υ桼̾ʤ

  o  桼ID롼ID

  o  primary 롼פ

  o  ۡǥ쥯ȥ꤬

  o  󥷥뤬

  ޤѥ̵ΥȤзٹ𤷤ޤ

  Shadow Suite򥤥󥹥ȡ뤷顢pwck¹ԤȤΤɤͤ
  Ū(Ȥ轵)˼¹ԤΤ⤤Ǥ礦-rץ
  ȤСcronȤäŪ˼¹Ԥ̤᡼𤵤뤳Ȥ
  Ǥޤ

  7.5.2.  grpck

  grpck /etc/group  /etc/gshadow ΰǧץǤ
  ΥץϰʲΥåԤʤޤ:

  o  եɤο

  o  롼̾νʣʤ

  o  СȴԤΥꥹȤ

  pwckޥƱͤˡ-r ץȤäƼưŪ˷򤵤뤳
  Ǥޤ

  7.6.  륢åסѥ

  륢åסѥɤϥ륤ΥĤƤ륷
  Ρ̾ΥѥǧڤȤ̤ɱǤ뤢뤤ϥͥåȥ
  ͳ³Ǥ桼¿뤱ɥ륤³Ǥ桼
  ¤ˤϡ륢åסѥɤΩޤ
  륢åסѥɤͭˤˤϡ/etc/login.defsԽ
  DIALUPS_CHECK_ENAB  yes ˤޤ

  륢åפˤĤƤ2ĤΥեǹԤޤĤ
  /etc/dialupsǡtty 򵭽Ҥޤ(ĤФưԽ񤭡
  Х̾κǽ"/dev/"Τ򵭽Ҥޤ) tty 񤫤
  С륢åפ³ФåԤޤ

  ⤦ĤΥե /etc/d_passwd ǤΥեˤŬڤʥ
  Υѥ̾ɲäΥѥɤ򵭽Ҥޤ

  ⤷/etc/dialups˽񤫤Ƥ桼󤷡
  /etc/d_passwd ˤΥ桼Υ󥷥뤬񤫤ƤʤС
  ѥɤϤ뤳ȤǥĤ뤳ȤǤޤ

  륢åסѥɤϲΥ(PPPUUCPʤ)³
  ˤͭѤǤޤ桼¾Υפ³(㤨Х
  Ȥ˺ܤäƤ륷Ȥ)ԤˤϤβΥѥɤΤ
  Ƥɬפޤ

  륢åסѥɤȤˤϡҤեɬ
  פޤ

  ޥ dpasswd Ȥä /etc/d_passwdեΥФѥ
  ɤꤹ뤳ȤǤޤܤϥ饤ޥ˥奢򻲾ȤƤ
  

  8.  Cץ Shadow Suite бˡ

  ץ shadow ݡȤäΤϼºݤˤϤȤƤñǤ
  /etc/shadow ե˥뤿˥ץroot¤Ǽ¹Ԥ
  root SUID Ƽ¹ԤʤФʤʤȤǤ

  ϽǤSUID ץˤ˿Ť˥ץ
  हɬפޤ㤨С˥פǤץ
  ץबroot SUID ƤƤrootȤƼ¹ԤƤϤʤޤ

  ѥɤΥåϤ뤬ʳˤrootȤưɬפʤ
  褦ʾ shadow ݡȤץɲä shadow 롼
   SGID äȰǤxlock ץϤΤ褦ŵ
  

  ʲǼ pppd-1.2.1d ϴroot SUID ƤΤǡshadow 
  ݡȤä뤳ȤǡץबƥŪˤȼˤʤ뤳Ȥ
  Ϥ䤢ޤ

  8.1.  إåե

  إåե /usr/include/shadow ǥ쥯ȥˤ٤
  /usr/include/shadow.h ɬפǤ
  /usr/include/shadow/shadow.h ؤΥܥå󥯤ˤʤޤ

  ץ shadow ݡȤä뤿ˤϼΥإåե򥤥
  롼ɤɬפޤ:

  #include <shadow/shadow.h>
  #include <shadow/pwauth.h>

  shadow ѤΥɤ拾ѥѤǤ褦˥ѥ̿
  ΤɤͤǤ(ʲǤ⤽Ƥޤ)

  8.2.  libshadow.a 饤֥

  Shadow Suite 򥤥󥹥ȡ뤹ˤ libshadow.a 졢/usr/lib
  ˥󥹥ȡ뤵ޤ

  ץ shadow ݡȤ뤿ˤϡ󥫤 libshadow.a 
  褦˻ؼɬפޤ

  ϰʲΤ褦˹Ԥޤ:

        gcc program.c -o program -lshadow

  ʲǤ狼褦絬ϤʥץǤ Makefile 
  ޤ顢̤ LIBS ѿѹޤ

  8.3.  Shadow ¤

  libshadow.a 饤֥ spwd ȸƤФ빽¤Τ /etc/shadow ե
  ФǼޤ إåե
  /usr/include/shadow/shadow.h ˤ spwd Ǥ:

  ______________________________________________________________________
  struct spwd
  {
    char *sp_namp;                /* login name */
    char *sp_pwdp;                /* encrypted password */
    sptime sp_lstchg;             /* date of last change */
    sptime sp_min;                /* minimum number of days between changes */
    sptime sp_max;                /* maximum number of days between changes */
    sptime sp_warn;               /* number of days of warning before password
                                     expires */
    sptime sp_inact;              /* number of days after password expires
                                     until the account becomes unusable. */
    sptime sp_expire;             /* days since 1/1/70 until account expires
  */
    unsigned long sp_flag;        /* reserved for future use */
  };
  ______________________________________________________________________

  Shadow Suite Ǥ sp_pwdp ñʤ륨󥳡ɤ줿ѥɤǤ
  ʳξ뤳ȤǤޤ㤨Сѥɥե
  ɤʲΤ褦ʹԤޤǤǤ:

        username:Npge08pfz4wuk;@/sbin/extra:9479:0:10000::::

  ǡѥɤ˲ä/sbin/extra ץ򤵤ʤǧڤѤ
  ȤؼƤޤƤӽФ줿ץϡ桼̾ȤʤƤӽФ
  줿򼨤åϤޤܤ뤿ˤ
  /usr/include/shadow/pwauth.h ȥɤ˴ޤޤ pwauth.c ɤ
  Ǥ

  줬̣Ȥϡ2ǧڤդ뤳ȤȡºݤǧڤԤ
  ϴؿ pwauth Ѥ٤ȤȤǤʲǤϤ¹Ԥ
  Ƥޤ

  ¸ߤƤץΤۤȤɤԤäƤʤᡢ Shadow
  SuiteκԤϾΥСǤϤεǽ̵ͤѹ뤳
  äƤޤ

  8.4.  Shadow ݡȤΤδؿ

  shadow.h եˤ libshadow.a 饤֥꤬ޤǤؿδؿץ
  ȥפ񤫤Ƥޤ:

  ______________________________________________________________________
  extern void setspent __P ((void));
  extern void endspent __P ((void));
  extern struct spwd *sgetspent __P ((__const char *__string));
  extern struct spwd *fgetspent __P ((FILE *__fp));
  extern struct spwd *getspent __P ((void));
  extern struct spwd *getspnam __P ((__const char *__name));
  extern int putspent __P ((__const struct spwd *__sp, FILE *__fp));
  ______________________________________________________________________

  줫Ѥؿ getspnam (Ϳ줿̾б spwd 
  ¤ΤͿ)Ǥ

  8.5.  

  ϥǥեȤ shadow ݡȤ򤷤Ƥʤץ shadow б
  Ǥ

  Ǥ Point-to-Point ץȥ륵(pppd-1.2.1d) ѤƤ
  Υץ PAP  CHAP եǤʤ /etc/passwd ե뤫
  桼̾ȥѥɤѤ PAP ǧڤԤ⡼ɤäƤ
   pppd-2.2.0  shadow ݡȤԤƤΤǡpppd-2.2.0
  ФΥɤɲäɬפϤޤ

  pppd ΤεǽϤޤȤʤΤǤShadow Suite 򥤥󥹥ȡ
  ȥѥɤ /etc/passwd ݻʤʤ뤿ˡεǽ
  ȤʤʤäƤޤޤ

  pppd-1.2.1d Υ桼ǧڤʬΥɤ
  /usr/src/pppd-1.2.1d/pppd/auth.c եˤޤ

  ʲΥɤϥ¾ #include ̿˲äɬפ
  ̿ #include ϤǤޤ(ä shadow ݡȤ
  ǥѥ뤹󥯥롼ɤޤ)
  ______________________________________________________________________
  #ifdef HAS_SHADOW
  #include <shadow.h>
  #include <shadow/pwauth.h>
  #endif
  ______________________________________________________________________

  ʬϼºݤΥɤФѹǤauth.c ե˹ѹ
  äޤ

  ѹ auth.c:

  ______________________________________________________________________
  /*
   * login - Check the user name and password against the system
   * password database, and login the user if OK.
   *
   * returns:
   *      UPAP_AUTHNAK: Login failed.
   *      UPAP_AUTHACK: Login succeeded.
   * In either case, msg points to an appropriate message.
   */
  static int
  login(user, passwd, msg, msglen)
      char *user;
      char *passwd;
      char **msg;
      int *msglen;
  {
      struct passwd *pw;
      char *epasswd;
      char *tty;

      if ((pw = getpwnam(user)) == NULL) {
          return (UPAP_AUTHNAK);
      }
       /*
       * XXX If no passwd, let them login without one.
       */
      if (pw->pw_passwd == '\0') {
          return (UPAP_AUTHACK);
      }

      epasswd = crypt(passwd, pw->pw_passwd);
      if (strcmp(epasswd, pw->pw_passwd)) {
          return (UPAP_AUTHNAK);
      }

      syslog(LOG_INFO, "user %s logged in", user);

      /*
       * Write a wtmp entry for this user.
       */
      tty = strrchr(devname, '/');
      if (tty == NULL)
          tty = devname;
      else
          tty++;
      logwtmp(tty, user, "");             /* Add wtmp login entry */
      logged_in = TRUE;

      return (UPAP_AUTHACK);
  }
  ______________________________________________________________________

  桼Υѥɤ pw->pw_passwd ƤΤǡǹԤɬ
  פΤϴؿ getspnam ɲä뤳ȤǤδؿϥѥɤ
  spwd->sp_pwdp ޤ

  ˡºݤǧڤԤ˴ؿ pwauth äޤδؿ shadow
  ե뤬2ǧڤ򤹤褦ꤵƤˤϡưŪ2ǧڤ
  ¹Ԥޤ

  shadow 򥵥ݡȤ褦ѹauth.c:

  ______________________________________________________________________
  /*
   * login - Check the user name and password against the system
   * password database, and login the user if OK.
   *
   * This function has been modified to support the Linux Shadow Password
   * Suite if USE_SHADOW is defined.
   *
   * returns:
   *      UPAP_AUTHNAK: Login failed.
   *      UPAP_AUTHACK: Login succeeded.
   * In either case, msg points to an appropriate message.
   */
  static int
  login(user, passwd, msg, msglen)
      char *user;
      char *passwd;
      char **msg;
      int *msglen;
  {
      struct passwd *pw;
      char *epasswd;
      char *tty;

  #ifdef USE_SHADOW
      struct spwd *spwd;
      struct spwd *getspnam();
  #endif

      if ((pw = getpwnam(user)) == NULL) {
          return (UPAP_AUTHNAK);
      }

  #ifdef USE_SHADOW
          spwd = getspnam(user);
          if (spwd)
                  pw->pw_passwd = spwd->sp-pwdp;
  #endif

       /*
       * XXX If no passwd, let NOT them login without one.
       */
      if (pw->pw_passwd == '\0') {
          return (UPAP_AUTHNAK);
      }
  #ifdef HAS_SHADOW
      if ((pw->pw_passwd && pw->pw_passwd[0] == '@'
           && pw_auth (pw->pw_passwd+1, pw->pw_name, PW_LOGIN, NULL))
          || !valid (passwd, pw)) {
          return (UPAP_AUTHNAK);
      }
  #else
      epasswd = crypt(passwd, pw->pw_passwd);
      if (strcmp(epasswd, pw->pw_passwd)) {
          return (UPAP_AUTHNAK);
      }
  #endif

      syslog(LOG_INFO, "user %s logged in", user);

      /*
       * Write a wtmp entry for this user.
       */
      tty = strrchr(devname, '/');
      if (tty == NULL)
          tty = devname;
      else
          tty++;
      logwtmp(tty, user, "");             /* Add wtmp login entry */
      logged_in = TRUE;

      return (UPAP_AUTHACK);
  }
  ______________________________________________________________________

  տĴ٤С¾ˤѹ뤳Ȥ狼ޤꥸʥΥС
  Ǥ/etc/passwdե˥ѥɤʤˤϥ
  ޤ(UPAP_AUTHACK ᤷͤˤ롣)ϤޤɤʤȤǤ
  ̤ΥǤ PPP ץؤΥ˰ĤΥ
  Ѥ줫 /etc/passwd եΥ桼̾ /etc/shadowե
  ΥѥɤѤơϤ줿桼̾ȥѥɤФ PAP ǧ
  ڤԤǤ

  顢⤷ΥС桼(㤨 ppp)ΥȤ餻
  ȡ桼 ppp Ƕѥɤˤ PAP ꤷƤï PPP ³
  뤳ȤǤʤʤޤ

  ѥɤλˤ UPAP_AUTHNAK Ǥʤ UPAP_AUTHACKᤷͤȤ
  褦ˤ뤳ȤǤ⽤Ǥޤ

  򤤤Ȥˡpppd-2.2.0 ˤƱ꤬ޤ

  ˡʲ2ˤĤ Makefile ɬפޤ: USE_SHADOW
  뤳Ȥȡlibshadow.a 󥯤褦ˤ뤳ȤǤ

  Makefile ԽơιԤäƤ:

        LIBS = -lshadow

  줫顢ιԤ򸫤Ĥ:

        COMPILE_FLAGS = -I.. -D_linux_=1 -DGIDSET_TYPE=gid_t

  ʲΤ褦ѹƤ:

        COMPILE_FLAGS = -I.. -D_linux_=1 -DGIDSET_TYPE=gid_t -DUSE_SHADOW

  Ǹˡѥڤӥ󥹥ȡ¹Ԥޤ礦

  9.  褯ʹ(Frequently Asked Questions).

  Q: /etc/securettys եȤä rootǤ tty 椷
  褦ȤƤΤǤޤޤ

  A: /etc/securettys  Shadow Suite󥹥ȡ뤵줿ˤ̣
  ޤrootѤǤ tty 򵭽Ҥե
  /etc/login.defsˤʤޤΥե¾Υեꤹ뤳
  ⤢ޤ

  Q: Shadow Suite򥤥󥹥ȡ뤷ΤǤ󤬤ǤʤʤäƤ
  ޤޤΤǤ礦

  A: 餯Shadow SuiteΥץϥ󥹥ȡ뤷ɡpwconv
  ¹ԤƤʤ/etc/npasswd
  /etc/passwdˡ/etc/nshadow/etc/shadowˤ줾쥳ԡΤ˺
  ΤǤ礦login.defs /etc˥ԡƤʤΤ⤷ޤ
  

  Q:xlock ξϤ /etc/shadowեνͭ롼פ shadowˤȤ
  ޤΤ褦ʥ롼פϤޤ󡣤ɤɤΤǤ礦

  A:롼פɲäޤ礦ñ/etc/groupեԽơshadow
  롼פˤĤƤεҤäǤ롼ID¾Ƚʣʤ褦
  ˤȡnogroupΥȥ꡼ɲäˤդƤ
  ñ xlock root  SUID Ȥˡ⤢ޤ

  Q: Linux  Shadow Suite ˤĤƤΥ᡼󥰥ꥹȤϤޤ

  A: ޤϼΥС LinuxShadow Suite γȯ
  Ȧ¥ƥȤΤΤΤǤ shadow-list-request@neptune.cin.net˥
  ֥Ȥ subscribeǤ᡼뤳Ȥǥ᡼󥰥ꥹȤ˻ä
  ޤΥ᡼󥰥ꥹȤ Linuxshadow-YYMMSSˤĤƤε
  Ǥȯ˲äꤿ Shadow Suite 򥤥󥹥ȡ뤷Τǿ
  ꡼ˤĤƤξˤϻäɤǤ礦

  Q:Shadow Suite򥤥󥹥ȡ뤷ޤ userdelޥɤ¹Ԥ
  "userdel: cannot open shadow group file"Ȥ顼Фޤ
  ΤǤ礦

  A: Shadow Suite SHADOWGRPץͭˤƥѥ뤷
  ˡ/etc/gshadowե뤬ʤΤǤ礦config.hƺƥѥ
  뤹뤫/etc/group եޤ礦shadow 롼פξ
  ǧޤ礦

  Q: Shadow Suite򥤥󥹥ȡ뤷ޤ /etc/passwd˰Ź沽줿
  ɤ񤫤ƤޤޤɤƤǤ

  A:餯config.hեAUTOSHADOWץͭˤƥѥ
  뤷ʤλȤäƤlibc SAHDOW_COMPATץͭˤ
  ѥ뤵Ƥ뤫Ǥɤ餬ǧƳƥ
  뤷ޤ礦

  10.  Copyright Message(ɽ)

  The Linux Shadow Password HOWTO is Copyright (c) 1996 Michael H.
  Jackson.

  Permission is granted to make and distribute verbatim copies of this
  document provided the copyright notice and this permission notice are
  preserved on all copies.

  Permission is granted to copy and distribute modified versions of this
  document under the conditions for verbatim copies above, provided a
  notice clearly stating that the document is a modified version is also
  included in the modified document.

  Permission is granted to copy and distribute translations of this
  document into another language, under the conditions specified above
  for modified versions.

  Permission is granted to convert this document into another media
  under the conditions specified above for modified versions provided
  the requirement to acknowledge the source document is fulfilled by
  inclusion of an obvious reference to the source document in the new
  media. Where there is any doubt as to what defines 'obvious' the
  copyright owner reserves the right to decide.

  : ʲϤޤǻͤǤˤĤƤϸʸɽ˽ä
  

  The Linux Shadow Password HOWTO  Michael H. Jackson ʪǤ
  (Copyright (c) 1996 Michael H. Jackson)

  ɽڤӤεɽƤΥԡ˻ĤȤˡʸ
  Ѥʣ̵ڤۤ뤳ȤǽǤ

  嵭ξѤʤȵڤʸ񤬲ѤƤ뤳뤳Ȥ
  ˡʸѤΤʣ̵ڤۤ뤳ȤǽǤ

  ҤβѤ줿ʸФƱǡʸ¾θ
  Τʣ̵ڤۤ뤳ȤǽǤ

  ҤβѤ줿ʸФ˲äǥ˸ʸؤ
  ʻȤޤޤ뤳ȤǸʸǤ뤳Ȥĥ׵᤬̤
  Ȥˡʸ¾Υǥۤ뤳ȤǽǤ
  ˡפϤäꤷʤˤԤꤹ븢αƤ
  ΤȤޤ

  11.  ¾ / ռ

   auth.c ФƤΥɤ pppd-1.2.1d  ppp-2.1.0e Ѥ
  ޤΥեȥ Australian National University ڤ
  Carnegie Mellon University ʪǤ (Copyright (c) 1993 and The
  Australian National University and Copyright (c) 1989 Carnegie Mellon
  University)

  Thanks to Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl> for
  writing and maintaining the Shadow Suite for Linux, and for his review
  and comments on this document.

  Shadow Suiteκ/ԤǤꡢޤʸ򸫤ƥȤ򲼤
   Marek Michalkiewicz  <marekm@i17linuxb.ists.pwr.wroc.pl> ˴դ
  ޤ

  ʸɾڤӥƥȤԤäƲä Ron Tidd <rtidd@tscnet.com>
  ˴դޤ

  ɮԤ˥եɥХåꡢʸβɤ˶ϤƤäͤ˴
  դޤ

  ȤƤФɤɮԤ˥᡼Τ餻Ƥ

  Michael H. Jackson <mhjack@tscnet.com>

  12.  Ԥ

  ۾ϸʸ˽ΤȤޤޤƤˤĤƤԤ
  ڤǤƤޤΤǡǤѤƤ

  ʤɤλŦФ륳ȤԤƤޤڤ˥᡼뤯
  

  ƣ <fujiwara@cim.pe.u-tokyo.ac.jp>

