21.03.2013 Views

Problem - Kevin Tafuro


cant window of time between when a CA revokes a certificate and when a new CRL is published.

SSL is widely deployed and works sufficiently well for many applications; however, because it is difficult to use properly, it is often deployed insecurely. We discuss certificate verification in Recipes 10.4 through 10.7.

See Also

• Thinking Putty article on defeating biometric fingerprint scanners: http://www.puttyworld.com/thinputdeffi.html

• RFC 1510: The Kerberos Network Authentication Service (V5)

• RFC 2617: HTTP Authentication: Basic and Digest Access Authentication

• Recipes 4.10, 8.8, 8.9, 8.10, 8.11, 8.12, 8.13, 18.16, 8.21, 10.1, 10.4, 10.5, 10.6, 10.7

8.2 Getting User and Group Information on Unix<br />

Problem

You need to discover information about a user or group, and you have a username or user ID or a group name or ID.

Solution

On Unix, user and group names correspond to numeric identifiers. Most system calls require numeric identifiers upon which to operate, but names are typically easier for people to remember. Therefore, most user interactions involve the use of names rather than numbers. The standard C runtime library provides several functions to map between names and numeric identifiers for both groups and users.

Discussion

Declarations for the functions and data types needed to map between names and numeric identifiers for users are in the header file pwd.h. Strictly speaking, mapping functions do not actually exist. Instead, one function provides the ability to look up user information using the user’s numeric identifier, and another function provides the ability to look up user information using the user’s name.

The function used to look up user information by numeric identifier has the following signature:

#include <sys/types.h>
#include <pwd.h>

struct passwd *getpwuid(uid_t uid);
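The lookups described above, in both directions, as an added example (not code from the book): it uses the POSIX reentrant variants getpwuid_r and getpwnam_r rather than getpwuid, so the result lands in caller-owned storage, and it keeps "no such user" separate from a lookup error. The helper names, result codes and buffer sizes are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <sys/types.h>
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Result codes and helper names are this example's own, not the book's. */
enum { LOOKUP_OK = 0, LOOKUP_NOT_FOUND = 1, LOOKUP_ERROR = -1 };

/* A NULL result with one of these codes means "no such entry", not failure. */
static int classify_miss(int err) {
  return (err == 0 || err == ENOENT || err == ESRCH) ? LOOKUP_NOT_FOUND
                                                     : LOOKUP_ERROR;
}

/* Numeric ID -> login name, copied into the caller's buffer. */
int lookup_name_by_uid(uid_t uid, char *name, size_t len) {
  struct passwd pw, *res = NULL;
  char buf[16384]; /* holds the strings that pw's members point to */
  int err = getpwuid_r(uid, &pw, buf, sizeof(buf), &res);
  if (res == NULL) return classify_miss(err);
  if (strlen(pw.pw_name) >= len) return LOOKUP_ERROR; /* never truncate */
  strcpy(name, pw.pw_name);
  return LOOKUP_OK;
}

/* Login name -> numeric ID. *uid is written only on success. */
int lookup_uid_by_name(const char *name, uid_t *uid) {
  struct passwd pw, *res = NULL;
  char buf[16384];
  int err = getpwnam_r(name, &pw, buf, sizeof(buf), &res);
  if (res == NULL) return classify_miss(err);
  *uid = pw.pw_uid;
  return LOOKUP_OK;
}

int main(void) {
  char name[256];
  uid_t uid = getuid(), back;
  if (lookup_name_by_uid(uid, name, sizeof(name)) != LOOKUP_OK) {
    printf("uid %lu has no passwd entry\n", (unsigned long)uid);
    return 1;
  }
  if (lookup_uid_by_name(name, &back) != LOOKUP_OK || back != uid) return 1;
  printf("uid %lu <-> %s\n", (unsigned long)uid, name);
  return 0;
}
```

A numeric ID with no passwd entry is a normal outcome (for example, a process running under an unmapped ID), so callers should branch on all three result codes and never read the output arguments after a non-OK return.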

372 | Chapter 8: Authentication and Key Exchange


Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
