xdm and the security patch

QNX Newsgroups (Archives) qdn.public.qnx4
1

Hello,
I recently installed the security patch on a 4.25D machine and now I am
trying to use xdm with X windows on that machine. xdm gives me a
“incorrect passwd” and won’t let me log in. I am able to log in
normally via other means.
The O’Reilly X sys admin book says that xdm uses “the same” security
stuff as login and passwd, which were replaced in the security patch.
Does anyone know if “the same” here means “the same techniques/code” or
“the same binaries (login)?” In other words, does xdm access the shadow
file directly or does xdm call the login utility to check the shadow
file? If it’s the first one, then I am going to need a copy of xdm
compiled with the crypt fix. If it’s the second, then I have some other
problem.

Thanks,

Mark

2

Hello Again,
I dug around on the web and it looks like xdm definitely accesses the
shadow file on its own, so I need a new xdm. Does anybody have such a
beast or know where to get one (or the source for the QNX (Metroworks
implementation)?

Thanks,

Mark

3

Mark Faust <mark_faust@sri.com> wrote:

Hello Again,
I dug around on the web and it looks like xdm definitely accesses the
shadow file on its own, so I need a new xdm. Does anybody have such a
beast or know where to get one (or the source for the QNX (Metroworks
implementation)?

Mark

I haven’t looked in this newsgroup before, but after encountering the problem
you describe with xdm I thought I’d see if there was anything on the
subject. I found your posting from 6 months back.

I contacted Metro Link and got the following reply:

Subject: FW: Metro-X for QNX (fwd)

The xdm client calls the QNX operating system’s crypt() function to verify

passwords. While internal details of this function may have been changed in

QNX 4.25E, it seems very unlikely that any such change would break the many

clients which use it.

QNX has not informed us of any such change, and so far no other QNX users

have reported this problem. You may wish to contact QNX support to

investigate other possible causes of the login problem.

I had assumed from this that I was the only person anywhere to be using xdm,
but now I know there are at least two of us. Did you get a fix for the
problem?

I also contacted QSSL (uk) but have had no reply yet.

Regards

William Morris
wrm@innovation-tk.com

4

I had assumed from this that I was the only person anywhere to be using xdm,
but now I know there are at least two of us. Did you get a fix for the
problem?

No, I did not get a fix for this problem. Did you ever hear anything
else? I can’t see how xdm could work without a recompilation, if it is
actual calling the crypt() function on its own rather than relying on
some other program to make the call.

Sorry for the delayed response.

Mark

5

recompile xdm and you are all set.
if you want to pay someone to do that for you, let me know.

Mark Faust <mark_faust@sri.com> wrote:

I had assumed from this that I was the only person anywhere to be using xdm,
but now I know there are at least two of us. Did you get a fix for the
problem?

No, I did not get a fix for this problem. Did you ever hear anything
else? I can’t see how xdm could work without a recompilation, if it is
actual calling the crypt() function on its own rather than relying on
some other program to make the call.

Sorry for the delayed response.

Mark

My public key can be found at
http://mama.indstate.edu/users/liug/key.txt