I spent some time looking for something like this. Unfortunately I could'nt find anything. I agree it would be very handy to have. In addition to your application (which is an interesting one that had not occured to me) you could also have the connection over the network, allowing for one single sophisticated authentication engine on a central server and lots of slaves hanging off it. I could really have done with that recently, for various complicated reasons. There would need to be a secure link between client and server, but as far as I can see this would only need ssh to do: it has a mode where you can set up a Unix socket at the client end which ends up talking to a daemon at the server end. Any protocol can then be tunneled through it. So that would take care of security. Paul. > -----Original Message----- > From: Helge Bahmann [mailto:bahmann@math.tu-freiberg.de] > I have an application supporting pam, but it is running with > insufficient > privileges to do authentication against the system (shadow) password > database. The application is not designed to run with > elevated privileges > [...]my > idea is to have a small local "authentication proxy" with sufficient > privileges to do the authentication, communicating with the > application > through unix domain sockets or similiar.
