Re: simple password authorization: how to get around logname?

Nathan Yocom wrote:

What do I need to do so that pamtest allows me to authenticate
for any user?


Have you tried running it as root?

(The same way, like 'su' allows me to become any other user, from my given shell session, if I know that user's password)


On my system su is setuid root (-rwsr-xr-x root root su).

I am aware that I have very little understanding of PAM, and I would be happy to remain as ignorant as I am, if I just get that little task working.


In my experience your application has to be run setuid root in order to authenticate other users (as it must load PAM, which must be able to read /etc/shadow, or other auth sources as the case may be). I would suggest that this is still better than using a custom setuid program to directly compare against /etc/shadow as you gain the modularity of later moving users into your database, ldap, ... fill in the blank... ;)



Well, running as root is not really desirable - otherwise I could use
getspnam() directly, to read the encrypted password out of /etc/shadow.

Is there really no way to use PAM to check for a valid password, without doing anything else?


_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
