Re: PAM not working reliably

To: "List, debian-user" <debian-user@lists.debian.org>
Subject: Re: PAM not working reliably
From: Crispin Wellington <crispin@aeonline.net>
Date: 26 Jun 2002 17:19:59 +0800
Message-id: <[🔎] 1025083199.1366.33.camel@void>
In-reply-to: <[🔎] 20020625083924.GA2874@ursine.dyndns.org>
References: <[🔎] 20020625083924.GA2874@ursine.dyndns.org>

On Tue, 2002-06-25 at 16:39, Paul Johnson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> So why is it if I have /etc/shadow owned by root:shadow, group has read
> access, and mail in the shadow group, exim can't authenticate through
> PAM.  If I chown /etc/shadow to root:mail, it works...WTF?

PAM (running at the user level exim is running at) cannot read the
/etc/shadow file. Put the user exim is running at, as a member of group
shadow (edit /etc/group and add the username after the last : on the
shadow entry line).

Restart exim and PAM running at that userlevel should be able to read
shadow. 

Personally I don't use shadow auth and have PAM set to authenticate
against a remote server, so there's none of those permission problems.

If this is a bad idea, someone post to the list (fooling with
/etc/shadow's permissions is always a bad idea)

Crispin

-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: PAM not working reliably
  - From: Paul Johnson <baloo@ursine.dyndns.org>

References:
- PAM not working reliably
  - From: Paul Johnson <baloo@ursine.dyndns.org>

Prev by Date: downgrading packages?
Next by Date: Re: Centralized /etc/passwd ?
Previous by thread: PAM not working reliably
Next by thread: Re: PAM not working reliably
Index(es):
- Date
- Thread