Hi Roger,

Quoting Roger Dunk <roger@at.com.au>:

> I have tracked down the problem I was having with Apache and PAM not
> working as they should. It appears that unless a particular application is
> running as root, pam_pwdb (or pam_unix etc) won't authenticate as they don't
> have access to read /etc/shadow. If I chmod o+r /etc/shadow it works as
> expected.
>
> There is no way I am going to run httpd as root, so what is the solution?

This is the point at which network-oriented password databases become very useful. How can you give the httpd process access to the shadow file without introducing the possibility that some user script, or some remote exploit, will use that access to harvest your passwords?

The only real way to address that security concern is by sticking something in between your program and your passwords which spits back nothing more than a yes-or-no answer. Some modules, such as pam_krb5 and pam_smb, talk to password back-ends that do exactly that. Others, such as pam_unix or pam_pwdb, can do this to a very limited degree.

> FWIW, until I installed a new copy of the pam libs, everything worked fine.
> I also assumed that if I used pam_unix.so and gave /sbin/unix_chkpwd +s
> file privileges, it would be able to properly read /etc/shadow. But again,
> this doesn't seem to work. What do I have to do so that /etc/shadow doesn't
> have to be world readable?

Yes, unix_chkpwd is written such that the only password it will verify for a given process is that of the user matching the uid of that process. Shipping anything else as the default behavior would be insecure, and a disservice to the users of libpam.

Still, unix_chkpwd is a fairly simple program, and an even simpler replacement could be made by ripping out most of the security checks. This question comes up often enough that I've considered writing a number of unix_chkpwd variants that could be shipped with Linux-PAM (but not enabled by default!). I'm still not sure if this is a good idea, or if it's just inviting trouble when admins start using that functionality without examining the security implications...

Steve Langasek
postmodern programmer
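As an added illustration of the yes-or-no helper design discussed in the reply above (this is not code from the thread or from Linux-PAM), here is a small Python model of unix_chkpwd's policy: the caller gets back only a boolean, and an unprivileged caller may verify only the password of the account whose uid it runs as. The shadow table, uids, salts and hashes are constructed for the example; the real unix_chkpwd reads /etc/shadow and compares via crypt(3).

```python
import hashlib
import hmac
import os

# Constructed stand-in for /etc/shadow: name -> (uid, salt, password hash).
# Only this helper ever reads it; callers never receive a hash.
def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

_SHADOW = {
    "roger": (1000, b"salt-roger", _hash("correct horse", b"salt-roger")),
    "www-data": (33, b"salt-www", _hash("no-login-here", b"salt-www")),
}


def chkpwd(user, password, caller_uid=None):
    """Model of unix_chkpwd's policy: answer only yes (True) or no (False).

    Unless the caller is root, it may verify only the password of the
    account whose uid it is running as. This is the refusal Roger hit when
    httpd, running as an unprivileged uid, tried to verify other users.
    """
    if caller_uid is None:
        caller_uid = os.getuid()
    entry = _SHADOW.get(user)
    if entry is None:
        return False  # unknown account: same answer as a wrong password
    uid, salt, stored = entry
    if caller_uid != 0 and caller_uid != uid:
        return False  # do not act as a password oracle for other accounts
    # Constant-time comparison so the answer leaks nothing beyond yes/no.
    return hmac.compare_digest(_hash(password, salt), stored)


if __name__ == "__main__":
    # httpd (uid 33) asking about roger is refused; root is answered.
    print(chkpwd("roger", "correct horse", caller_uid=33))  # False
    print(chkpwd("roger", "correct horse", caller_uid=0))   # True
```

Removing the uid comparison is exactly the "ripped-out security checks" variant the reply weighs: any local uid could then submit guesses against every account, which is why such a helper should not ship enabled by default.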