On Wed, May 22, 2002 at 02:29:24PM -0400, Michael Stone wrote:
> On Wed, May 22, 2002 at 09:58:54AM -0700, John H. Robinson, IV wrote:
> > since /bin/login is not SUID,

> Well, it usually is...I don't know what you did to yours. :)

> > how can it read the /etc/shadow passwords?

> It's not strictly necessary to be setid anything to check passwords
> these days, if there's a setuid helper for the pam library being called.
> (as there is for pam_unix)

Though the one included with pam_unix by default is particularly
ineffectual at authenticating users to /services/ running as non-root
processes, because it takes a secure-by-default approach whereby you can
only re-authenticate the user whose uid you're currently running under.

Not that anyone would get much use out of a /bin/login that can
authenticate users but not change uid's, anyways. :)

Steve Langasek
postmodern programmer