ISavant01
10-11-2009, 12:59 PM
i've been working on a change_password plugin for an installation of SquirrelMail, and notice that the email passwords are stored in:
<account>/etc/<domain>/shadow
but there is also a "shadow,v" RCS file with version information. an "rlog" on the shadow file shows that the different versions of the shadow file were "Modified by /usr/local/cpanel/cpanel" - which makes sense, as that is the usual way to change a user's email password.
i've got the code to correctly update the MD5 hash in the shadow file; so my "change password" plugin is technically working. but i'm wondering if i should be checking out/checking in the shadow file just before and after each change.
from the "rlog" i can see that cpanel does NOT do it every time. and indeed, leaves the file in a "locked" (and editable) state.
could this just be part of the normal BlueHost backup procedures? or detritus from a domain / server move?
any hints or experience greatly appreciated.
<account>/etc/<domain>/shadow
but there is also a "shadow,v" RCS file with version information. an "rlog" on the shadow file shows that the different versions of the shadow file were "Modified by /usr/local/cpanel/cpanel" - which makes sense, as that is the usual way to change a user's email password.
i've got the code to correctly update the MD5 hash in the shadow file; so my "change password" plugin is technically working. but i'm wondering if i should be checking out/checking in the shadow file just before and after each change.
from the "rlog" i can see that cpanel does NOT do it every time. and indeed, leaves the file in a "locked" (and editable) state.
could this just be part of the normal BlueHost backup procedures? or detritus from a domain / server move?
any hints or experience greatly appreciated.