Re: PAM touching shadow?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Unfortunately, 
> however, our workstations running xscreensaver have SNARE reporting that 
> the (non-root) logged-in user unsuccessfully attempts to touch the 
> /etc/shadow file, with timestamps that correspond to the exact times that 
> the user unlocks the window via xscreensaver.

Sound logical to me : xscreensaver needs to verify the user's password, 
let's PAM handle that, and PAM needs to open /etc/shadow to verify the 
actual hashes.
 
> I have narrowed it down to PAM (I think), as I've recompiled xscreensaver 
> with absolutely no passwd references; only the PAM libraries compiled in, 
> and the problem still presents itself.  Does anyone know if PAM is making 
> this call at some point, and if so, what is the reason behind it?  Is PAM 
> just doing a sanity permission check on the shadow file?

It's probably opening it.



	Igmar


_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux