[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM and shadow

Previously Andrew Morgan wrote:
> use pam_pwdb (which uses a little helper binary to check the user's own
> password).  This is how Redhat's xlock is not setuid root and yet works
> with shadow passwords.

I was fearing you would say this... using a seperate helper binary is
bad, since it makes it much easier for someone to use bruce-force trying
passwords using that binary..

I'm still curious why pam_start() doesn't allow a PAM module to
initialize itself, since that would solve this problem cleanly without
needing an externaly program, and might solve future problems as well.


This combination of bytes forms a message written to you by Wichert Akkerman.
E-Mail: wakkerma@cs.leidenuniv.nl
WWW: http://www.wi.leidenuniv.nl/~wichert/

Attachment: pgp00001.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []