pam_unix.so and unix_chkpw setgid - does it work for regular users?

Hi,

I'm currently trying to configure user authentication on a webserver,
that shall use the normal system user names and passwords. I'm using
Nginx as webserver, together with the auth_pam module, as packaged by
Debian wheezy.

I expected that since unix_chkpw is set setgid shadow I could use
pam_unix.so for the webserver service just as is. However, it turned
out that the user for the webserver process must be in the group
"shadow" for authentication to work. If the webserver can't read shadow
it doesn't work.

I was under the impression the idea of unix_chkpw was to have process
separation by having a thoroughly audited helper program that can
be setgid safely, so that a regular user can perform pam_unix.so tests.

Did I miss something here?


Regards,

Wolfgang

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

