[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

/etc/shadow and mod_auth_pam with pam_pwdb

From: thi <ttn gnu org>
To: pam-list redhat com
Subject: /etc/shadow and mod_auth_pam with pam_pwdb
Date: Fri, 19 Feb 1999 22:07:40 -0500

hello,

i have an apache server running as a non-root user with the following
pam config:

#%PAM-1.0 
auth       required     /lib/security/pam_pwdb.so shadow nullok
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so retry=3
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok

the /etc/pwdb.conf file has:

user:
        unix+shadow
        nis+unix+shadow
group:
        unix+shadow
        nis+unix+shadow

the problem is that the pam_pwdb library is unable to authenticate
anyone other than the user running the server (httpd, in this case)
using the /sbin/pwdb_chkpwd helper application.  pam_pwdb works great
with most other servers as they are run as root.

i am trying to fix this situation by changing the interface between
pam_pwdb and pwdb_chkpwd so the helper application takes both an userid
and a password to verify it with /etc/shadow.  i also plan to restrict
the read/execute permissions on /sbin/pwdb_chkpwd to owner/group and
make httpd be a member of this group.

comments/suggestions?  (btw, using linux-pam-0.66 and pwdb-0.55)

thanks,
thi

Follow-Ups:
- Re: /etc/shadow and mod_auth_pam with pam_pwdb
  - From: Savochkin Andrey Vladimirovich <saw@msu.ru>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []