Re: Auth with PAM

To: debian-user <debian-user@lists.debian.org>
Subject: Re: Auth with PAM
From: Tim Dijkstra <tim@famdijkstra.org>
Date: Tue, 12 Feb 2002 15:32:55 +0100
Message-id: <[🔎] 3C692797.40807@famdijkstra.org>
References: <[🔎] 3C67AC7F.1050009@famdijkstra.org> <[🔎] 20020211080733.257abe0d.egm2@jps.net>

Eric G. Miller wrote:

> On Mon, 11 Feb 2002 12:35:27 +0100, Tim Dijkstra<tim@famdijkstra.org> wrote:

>>I'm trying to get some app to use PAM to authenticate against the
>>/etc/shadow. Shouldn't it be enough for the app to
>>be a member of the 'shadow' group for this to work? Or are there any
>>other restrictions.
>>(Works fine when I make /etc/shadow world-readable, but don't want that
>>of course)
>>
>
> It doesn't sound right to add anything to group shadow.  Is this
> application PAM aware?  According to the docs, it needs to have code
> specifically for doing PAM authentication and session management.
>
>

It does, it has a set of functions for doing pam authentication. It'sabout exim. The problem is it runs as mail:mail so it can't handele/etc/shadow.

This is a known problem and people give as advice to use a sepparatepassword file it can access, but I do not like that idea. Then I have to

maintain that file also and figure out a way to get the passwords inthere changed. And all together it doesn't sound that much saver to me.



grts Tim

Reply to:

Follow-Ups:
- Re: Auth with PAM
  - From: Brian May <bam@debian.org>

References:
- Auth with PAM
  - From: Tim Dijkstra <tim@famdijkstra.org>
- Re: Auth with PAM
  - From: Eric G.Miller <egm2@jps.net>

Prev by Date: RE: How to set mutt's Sender = From header
Next by Date: Re: Re: OT: Need help from bash experts...
Previous by thread: Re: Auth with PAM
Next by thread: Re: Auth with PAM
Index(es):
- Date
- Thread