[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: shared root account



On Tue, Jul 10, 2001 at 09:05:18AM -0400, Jason Healy wrote:
> apt-get install libpam-doc libpam-opie libpam-pwdfile
> 
> The first is docs, the second is OTP (one time passwords), and the
> third is to authenticate against "passwd-like" files.  The idea with
> the third is that you make another passwd file (/etc/sudo.passwd), put
> all your sudoers in it.  Then, change /etc/pam.d/sudo to say:
> 
> auth required /lib/security/pam_pwdfile.so pwdfile /etc/sudo.passwd

you don't need to specify the full path to pam modules, and its better
that you don't (debian pam policy).  

> Also, from that README:
> 
> ==
>    The ASCII password file is simply a list of lines, each looking like
>    this:
>    username:crypted_passwd[13] in the case of vanilla crypted passwords,
>    username:crypted_passwd[34] in the case of MD5 crypted passwords.
> ==

nice to know pam_pwdfile gained md5 support, iirc it only did the
anchient crappy crypt before.. 

now there just needs to be a passwd command to work with this... 

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgp6nWAUnmdGx.pgp
Description: PGP signature


Reply to: