[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: shall a pam-enabled application be setuid root to be able to pam_authenticate system users ?

From: "Ludvig Ericson" <ludvig ericson gmail com>
To: pam-list redhat com
Subject: Re: shall a pam-enabled application be setuid root to be able to pam_authenticate system users ?
Date: Fri, 16 Mar 2007 22:45:15 +0100

Okay, I've written a short test-case.

I thank you for asking this question; it answers my own question in
another mail - why pam_acct_mgmt() fails when I call it.

It would seem that the case is that you can authenticate as your own
user on my system, and this may very well have to do with permissions
on each individual system.

Anyway, the code I tested with: http://rafb.net/p/2svWsB16.html
And the commands I ran:
toxik saga ~ $ ./pamtest sshd toxik
Password:
pam_acct_mgmt() failed: error 9, Authentication service cannot
retrieve authentication info
toxik saga ~ $ ./pamtest sshd root
Password:
authentication error: Authentication failure
toxik saga ~ $ sudo ./pamtest sshd root
Password:
authentication error: Authentication failure
toxik saga ~ $ sudo ./pamtest sshd toxik
Password:
pam_acct_mgmt() failed: error 0, Success

In short, yes, with pam_unix.so it does seem like you have to be root.

Thank you, Ludvig Ericson.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]