If that is the case, check and ensure the [encrypted] password is not in /etc/passwd. If the encrypted password is there, the user will be able to authenticate, but not authenticate as another user unless they have a password in /etc/passwd as well.
Joe
Alois Treindl wrote:
Joe Lewis wrote:
Nate Yocom pinned it. If you don't run it as root, it can't read the /etc/shadow file. period. Obviously, it won't have access to it, so it can't establish the authentication credentials.
I'm afraid you have to worry about security and be root at some point, in order for the application to successfully "login".
Hm, but how does PAM then authenticate myself, in my 'pamtest' when username and logname is identical?
It does ask for the password, and the authentication fails when I give a false one, so it must know my correct password from /etc/shadow, or from where else?
But if you are right, I will probably write a separate little 'login' application - or use the existing /bin/login, if possible - as external utility called from my database application, instead of having to make the whole big beast 'setuid root'
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
