[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pwdb and shadow



On Mon, 2 Nov 1998, Seth Chaiklin wrote:

> Is the following correct (in theory)?
> 
> 1.  Suppose a program, let's say, pppd, is PAMified (properly),
>     but does not explicitly have shadow support compiled in.
> 
> 2.  pam_pwdb.so is supposed to be able to read shadow files
>     (provided that /etc/pwdb.conf is configured properly).
> 
> 3.  Therefore, isn't it correct to conclude that even though
>     a program (e.g., pppd) is not directly compiled for shadow, 
>     it would still be able to use a shadow file for authentication
>     so long as it had access to the pam_pwdb module?

Based on my understanding of how PAM and pwdb interact, yes.  The PPP
server gets user information from /etc/passwd via libc (if that's even
needed in this situation), and authentication is handled by pam_pwdb
checking /etc/shadow.

(In theory, pam_pwdb wouldn't even have to be using crypt() to generate
information stored in the shadow file, or even use /etc/shadow at all.
Heck, with the proper changes, it could be using NT's hashing algorithm
and checking and updating passwords in Samba's smbpasswd file.  Just an
idea I've been kicking around.)

Nalin



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []