[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

(more) /etc/shadow problems



Hi all,

I just joined the list, so be gentle ;^)

I'm trying to get a web-based application to authenticate using PAM
(via perl's Authen::PAM module).

My test scripts work fine, as long as I'm authenticating the same
user that the scripts are running under. When I plug my stuff into a
cgi script however (apache web server running as user 'nobody' on
Linux, with PAM 0.75), authentication fails.

Reading through this thread:

  http://archives.neohapsis.com/archives/pam-list/2001-02/0100.html

I realize that the /sbin/unix_chkpwd script is likely disallowing
lookups for uids not matching the effective uid of the requesting
process.

The thread suggests cobbling together a version of unix_chkpwd that
allows this type of lookup for the web server user. I'm not certain
that my typical customer will want to accept (nor, be able to
correctly compile it, for that matter...) this as a solution.

So, anyone have a generic solution that solves this? Or should I
just hack up a version of unix_chkpwd and try to include as detailed
building instructions as possible?

Thanks.
-- 
Steve Reppucci                                       sgr@logsoft.com |
Logical Choice Software                          http://logsoft.com/ |
=-=-=-=-=-=-=-=-=-=-  My God!  What have I done?  -=-=-=-=-=-=-=-=-=-=





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []