Re: CALL for PAM support
On Sun, May 23, 1999 at 09:33:36AM -0400, Michael Alan Dorman wrote:
> Ben Collins <bcollins@debian.org> writes:
> > There is a libapache-mod-pam, which enables apache auth using PAM
> > modules, already packaged. It has some drawbacks due to permissions
> > (apache runs as www-data so it cannot access /etc/shadow). This can't
> > be avoided however.
>
> Um, doesn't libpwdb take care of this? I would swear (though I can't
> confirm it right now, or I would) that I had apache running the
> mod_pam module authenticating against shadow with no problems, *once I
> installed libpwdb*.
No. pam_pwdb modules uses an external program that is sgid shadow to
authenticate users without having the calling program be sgid shadow.
However it only authenticates the calling user (www-data in this case),
so it wont work for any normal users.
--
----- -- - -------- --------- ---- ------- ----- - - --- --------
Ben Collins <bcollins@debian.org> Debian GNU/Linux
OpenLDAP Dev - bcollins@openldap.org The Choice of the GNU Generation
------ -- ----- - - ------- ------- -- ---- - -------- - --- ---- - --
Reply to: