From: Ben Collins (bcollins debian.org)
Date: Mon Feb 19 2001 - 21:57:57 CST
>
> This question comes up often enough that I've considered writing a number of
> unix_chkpwd variants that could be shipped with Linux-PAM (but not enabled by
> default!). I'm still not sure if this is a good idea, or if it's just inviting
> trouble when admins start using that functionality without examining the
> security implications...
>
You could probably modify unix_chkpwd to check a config file, or
hardcoded group for "trusted" users that can verify any uid, then make
it suid root. Would require some special care, but it might prove
useful. Then you can just make the web server's uid/gid part of the
trusted group, so it can verify from pam_unix.so.
Ben
--
Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux
bcollins debian.org -- bcollins openldap.org -- bcollins linux.com
_______________________________________________
Pam-list mailing list
Pam-list redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
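
The trusted-group check suggested in the message above could look like the following. This is an added example, not code from the post or from Linux-PAM. The function names are hypothetical, and the rule that an untrusted caller may only check its own account is an assumption.

```c
#include <grp.h>
#include <pwd.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* 1 if `caller` is in `trusted`, by primary gid or by the member list. */
static int in_trusted_group(const struct passwd *caller,
                            const struct group *trusted)
{
    char **m;

    if (caller == NULL || trusted == NULL)
        return 0;                  /* fail closed: unknown user or group */
    if (caller->pw_gid == trusted->gr_gid)
        return 1;
    for (m = trusted->gr_mem; m != NULL && *m != NULL; m++)
        if (strcmp(*m, caller->pw_name) == 0)
            return 1;
    return 0;
}

/* 1 if `caller` may ask the helper to verify `target`'s password. */
int may_verify(const struct passwd *caller, const char *target,
               const struct group *trusted)
{
    if (caller == NULL || caller->pw_name == NULL ||
        target == NULL || *target == '\0')
        return 0;
    if (caller->pw_uid == 0)
        return 1;                  /* root needs no helper to read shadow */
    if (strcmp(caller->pw_name, target) == 0)
        return 1;                  /* own account (assumed default rule) */
    return in_trusted_group(caller, trusted);
}

/* Glue for the suid helper: identify the caller by REAL uid, not euid,
 * because euid is 0 for everyone once the binary is suid root. */
int caller_may_verify(const char *target, const char *trusted_group)
{
    const struct passwd *caller = getpwuid(getuid());
    const struct group *trusted =
        trusted_group != NULL ? getgrnam(trusted_group) : NULL;

    return may_verify(caller, target, trusted);
}
```

A missing or misspelled trusted group leaves only the own-account rule in force, so a configuration error cannot widen access.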