
Newsgroups: comp.os.linux.development.system
From: jfh@rpp386 (John F. Haugh II)
Subject: Re: Linus: Please add QUOTAS before 1.2.0
Message-ID: <1995Feb6.010118.23433@rpp386>
Reply-To: jfh@rpp386.cactus.org (John F. Haugh II)
Organization: River Parishes Programming, Austin TX
References: <kjA1nSu00iWQQ_ftMY@andrew.cmu.edu> <3gqr22$rna@usenetw1.news.prodigy.com> <ianm.791765643@eldritch>
Date: Mon, 6 Feb 1995 01:01:18 GMT
Lines: 37

In article <ianm.791765643@eldritch> ianm@qualcomm.com (Ian McCloghrie) writes:
>Shadow passwords do not require any kernel modifications, and have
>been around for well over two years.  SLS and Slackware used to come
>with them by default.  (I seem to remember reading somewhere that 
>they were removed because the licensing policy on the software
>prevented them from being distributed on a for-money basis).

The is no part of the license which prohibits for-money distribution
other than the same restrictions against distribution of GNU-ware.  There
are significant parts of Shadow in BSD RENO and about half a dozen Linux
distributors have acknowledged to me that they distribute Shadow with
their product, three of which have sent me complimentary CD's (the most
recent is "InfoMagic" which sent a 3 CD set).  The "no commercial
distribution" story was made up by a group of distributors who were
upset because I refused to put Shadow under the GPL.

The restriction has always been against for-profit distribution which
didn't include sources.  This is the same (except the for-profit part)
restriction which the FSF inflicts -- namely, you MUST provide source
code.  I've repeatedly made the offer to send signed licenses to any
company distributor parts of Shadow with their release of Linux.  Because
I've restated my position that Shadow is freely redistributable so many
times I do insist on a fee for doing this, but so far everyone who has
been granted permission (in writing, and usually a PGP-signed message)
has taken my e-word for it and not demanded paper.

>They are also far less useful in terms of security than one might think.

This is true, only for some values of "far less useful".  The greatest
advantage of the Shadow Password Suite in its current format is that it
supports administrator-defined hooks which would allow things like S/key
to be used.
-- 
John F. Haugh II  [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ]   @'s: jfh@rpp386.cactus.org
 The ultimate solution to the homeless problem:  Cut down the Pacific Northwest
 forests and kill all the owls.  Build houses with the wood and cook the birds!
