[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: further modifications to mod_auth_pam.c



Ingo Luetkebohle writes:
>On Tue, 6 May 1997, Michael K. Johnson wrote:
>> No.  See vlock and xlock as examples of programs that have no need to
>> run as root.  In particular, pam_pwdb has a way to verify even shadow
>> passwords without the program being setuid.
>
>Errm, really?

Oh, sorry.  I forgot that apache won't be running as the user being checked,
and as you rightly point out, the password checking program will refuse to
check arbitrary passwords; it only checks the password for the user id that
called it.

xlock and vlock run as the user who is trying to unlock them; that simply
means that the root password won't unlock xlock or vlock sessions if you
have shadow passwords.

michaelkjohnson

"Ever wonder why the SAME PEOPLE make up ALL the conspiracy theories?"




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []