using PAM to check shadow passwords without the process being able to read /etc/shadow

Sam Barnett-Cormack sdb at geekworld.co.uk
Fri Mar 25 21:32:19 UTC 2005


Hey.

I'm using apache2 with mod_auth_pam, and would like to be able to check
shadow passwords without having to have the webserver run as a user with
permission to read the shadow password file...

I've read about using mod_auth_external and so on, but I'd rather have a
clean configurable interface like PAM. Does anyone know any PAM modules that
will enable me to do this (for example, they internally use a suid binary
that takes a username *and* a password, rather than the
password-and-calling-user method of pam_unix)?

I've found talk online about pam_unix-new, but I now can't find it anywhere
(links on the Linux-PAM page lead to a nonexistent host).

Anyone have any suggestions?

Sam

PS: I'm only allowing it over SSL, so I'm comfortable using system
passwords, and will be using fallthrough to enable other users to have
access to that part of my site, without having system accounts.
