Re: simple password authorization: how to get around logname?

In RedHat 8.0, it would fail to connect me in, even if I was trying to log me in as root. What happens if you run the thing as root? (Not necessarily setuid, but su over to root and run the program.) It should log in.

If that is the case, check and ensure the [encrypted] password is not in /etc/passwd. If the encrypted password is there, the user will be able to authenticate, but not authenticate as another user unless they have a password in /etc/passwd as well.

Joe

Alois Treindl wrote:

Joe Lewis wrote:

Nate Yocom pinned it. If you don't run it as root, it can't read the /etc/shadow file. Period. Obviously, it won't have access to it, so it can't establish the authentication credentials.

I'm afraid you have to worry about security and be root at some point, in order for the application to successfully "login".


Hm, but how does PAM then authenticate me in my 'pamtest', when username and logname are identical?


It does ask for the password, and the authentication fails when I give a false one, so it must know my correct password from /etc/shadow, or from where else?


But if you are right, I will probably write a separate little 'login' application - or use the existing /bin/login, if possible - as external utility called from my database application, instead of having to make the whole big beast 'setuid root'.



_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
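
The check suggested in this thread (is the encrypted password in /etc/passwd, and can the calling process read the /etc/shadow entry), as an added C example that is not code from the thread or from Linux-PAM. It assumes Linux with glibc's `getspnam()`; `classify_pw_field()` and `report()` are names invented for this example.

```c
#include <errno.h>
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum pw_store { PW_SHADOWED, PW_EMPTY, PW_LOCKED, PW_HASH_IN_PASSWD };

/* Classify the password (second) field of an /etc/passwd entry. */
enum pw_store classify_pw_field(const char *f)
{
    if (f == NULL || f[0] == '\0') return PW_EMPTY;     /* no password set */
    if (strcmp(f, "x") == 0) return PW_SHADOWED;        /* hash lives in /etc/shadow */
    if (f[0] == '*' || f[0] == '!') return PW_LOCKED;   /* never matches a hash */
    return PW_HASH_IN_PASSWD;                           /* hash is world-readable */
}

/* Returns 0 if this process can reach the account's password data,
 * 1 if it cannot, 2 if the account does not exist. */
int report(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) { printf("%s: no such account\n", user); return 2; }
    switch (classify_pw_field(pw->pw_passwd)) {
    case PW_HASH_IN_PASSWD:
        printf("%s: hash is in /etc/passwd, readable by every user\n", user);
        return 0;
    case PW_EMPTY:
        printf("%s: empty password field in /etc/passwd\n", user);
        return 0;
    case PW_LOCKED:
        printf("%s: locked in /etc/passwd\n", user);
        return 1;
    case PW_SHADOWED:
        break;                                          /* look in /etc/shadow */
    }
    errno = 0;
    if (getspnam(user) != NULL) {                       /* needs read access to shadow */
        printf("%s: shadow entry readable as euid %ld\n", user, (long)geteuid());
        return 0;
    }
    printf("%s: shadow entry not readable as euid %ld (%s)\n", user,
           (long)geteuid(), errno ? strerror(errno) : "no entry returned");
    return 1;
}

int main(int argc, char **argv)
{
    int rc = 0;
    for (int i = 1; i < argc; i++) rc |= report(argv[i]);
    return rc;
}
```

Run it with one or more account names, once as an ordinary user and once after `su` to root, to compare what each can read.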

