Re: non-root password lookups?
>> "CL" == Chris Leishman <masklin@debian.org> writes:
CL> On Sun, Jan 17, 1999 at 07:37:05PM -0800, R Garth Wood wrote:
>> On Mon, 18 Jan 1999, Chris Leishman wrote:
>>
>> > The main problem, however, is that it needs to validate the
>> people connecting, > thus needs to check username/password (like
>> pop). Is there a way to do this > and still avoid using root
>> privileges for the daemon?
>>
>> The passwd file is in the shadow group so you could run it sgid.
CL> I guess this is a way, but I was hoping there might be some sort
CL> of suid program or syscall that I can use to interface between me
CL> and the shadow file.
What use would shadow passwords have, if a unprivileged user can query
them?
I heared on Solaris you have a daemon, which takes username/password
and tells you if the combination is OK.
This could be of some use in Linux as well.
Ciao,
Martin
Reply to: