Em Wed, Nov 21, 2001 at 07:05:40AM -0800, Wil Cooley escreveu: > successfully opening /etc/shadow, although I guess not. (I guess > I assumed pam_unix.so would call unix_chkpwd if it wasn't root.) It does, but only to authenticate the user calling it, not somebody else, iirc. > > Or use the pwcheck method in SASL, which also requires another > > daemon. I've never tried that, though. > > grep'ing through the txts with my pam distribution, I don't see > any docs on configuring unix_chkpwd, how the heck to use it? It's part of the sasl package. I think the only doc is a small readme and a FAQ entry, you should be able to find it in the tarball or at the sasl website. But it's only for plaintext passwords, if you use /etc/sasldb, for instance, it should be enough to have that file readable by the postfix daemon. I tried it once with openldap running as an "ldap" user and granting read access to that file (sasldb) for the "ldap" group, it worked. But this gets more complex if other daemons need read access to it too.
