21.03.2013 Views

Problem - Kevin Tafuro

cant window of time between when a CA revokes a certificate and when a new CRL is published.

SSL is widely deployed and works sufficiently well for many applications; however, because it is difficult to use properly, it is often deployed insecurely. We discuss certificate verification in Recipes 10.4 through 10.7.

See Also

• Thinking Putty article on defeating biometric fingerprint scanners: http://www.puttyworld.com/thinputdeffi.html

• RFC 1510: The Kerberos Network Authentication Service (V5)

• RFC 2617: HTTP Authentication: Basic and Digest Access Authentication

• Recipes 4.10, 8.8, 8.9, 8.10, 8.11, 8.12, 8.13, 18.16, 8.21, 10.1, 10.4, 10.5, 10.6, 10.7

8.2 Getting User and Group Information on Unix

Problem

You need to discover information about a user or group, and you have a username or user ID or a group name or ID.

Solution

On Unix, user and group names correspond to numeric identifiers. Most system calls require numeric identifiers upon which to operate, but names are typically easier for people to remember. Therefore, most user interactions involve the use of names rather than numbers. The standard C runtime library provides several functions to map between names and numeric identifiers for both groups and users.

Discussion

Declarations for the functions and data types needed to map between names and numeric identifiers for users are in the header file pwd.h. Strictly speaking, mapping functions do not actually exist. Instead, one function provides the ability to look up user information using the user’s numeric identifier, and another function provides the ability to look up user information using the user’s name.

The function used to look up user information by numeric identifier has the following signature:

#include <sys/types.h>
#include <pwd.h>

struct passwd *getpwuid(uid_t uid);
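The two lookups described above, combined in one added example (not code from the book): the hypothetical helper resolve_user() accepts either a name or a decimal ID and copies the result out of the static buffer that getpwuid() and getpwnam() return. Treating an all-digit string as an ID is an assumption of this example.

```c
#include <sys/types.h>
#include <pwd.h>
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the book): resolve a user given either a
 * name ("root") or a decimal ID ("0"). An all-digit string is treated as an
 * ID, which is an assumption of this example. Returns 0 on success, -1 if
 * the user does not exist or the lookup failed. */
int resolve_user(const char *spec, uid_t *uid, char *name, size_t namelen)
{
    struct passwd *pw;
    const char *p;
    unsigned long id;

    for (p = spec; isdigit((unsigned char)*p); p++)
        ;
    if (*spec != '\0' && *p == '\0') {          /* all digits: numeric ID */
        errno = 0;
        id = strtoul(spec, NULL, 10);
        if (errno == ERANGE || (unsigned long)(uid_t)id != id)
            return -1;                          /* does not fit in uid_t */
        pw = getpwuid((uid_t)id);
    } else {
        pw = getpwnam(spec);                    /* lookup by user name */
    }
    if (pw == NULL)
        return -1;

    /* pw points at static storage that the next getpw*() call overwrites,
     * so copy what we need before returning; refuse to truncate the name. */
    if (strlen(pw->pw_name) >= namelen)
        return -1;
    strcpy(name, pw->pw_name);
    *uid = pw->pw_uid;
    return 0;
}

int main(int argc, char *argv[])
{
    uid_t uid;
    char name[256];
    const char *spec = argc > 1 ? argv[1] : "0";

    if (resolve_user(spec, &uid, name, sizeof(name)) != 0)
        return fprintf(stderr, "%s: no such user\n", spec), 1;
    printf("%s -> uid %lu, name %s\n", spec, (unsigned long)uid, name);
    return 0;
}
```

Rejecting an ID that does not fit in uid_t matters because a silently truncated value would resolve to a different user than the one the caller named.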

372 | Chapter 8: Authentication and Key Exchange

This is the Title of the Book, eMatter Edition

Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
