Hi,

I'm currently trying to configure user authentication on a webserver that shall use the normal system user names and passwords. I'm using Nginx as the webserver, together with the auth_pam module, as packaged by Debian wheezy.

I expected that, since unix_chkpw is set setgid shadow, I could use pam_unix.so for the webserver service just as is. However, it turned out that the user for the webserver process must be in the group "shadow" for authentication to work. If the webserver can't read shadow, it doesn't work.

I was under the impression that the idea of unix_chkpw was to have process separation by having a thoroughly audited helper program that can be setgid safely, so that a regular user can perform pam_unix.so tests.

Did I miss something here?

Regards,
Wolfgang

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list