[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: non setuid root applications are able to do authentication froma'secure' NIS server but why?



1. could you reveal the contents of your /etc/pam.d/xlock file?
2. where did this man page come from (I'd like to assimilate it into the
main distribution!)

Cheers

Andrew

> 
> FYI:
> 
> NAME
>        unix_chkpwd - check the password of the invoking user
> 
> SYNOPSIS
>        <not invoked manually>
> 
> DESCRIPTION
>        A  helper  binary for the pam_unix module, unix_chkpwd, is
>        provided to check the user's password when it is stored in
>        a  read  protected  database,  such as shadow'd passwords.
>        This binary is very simple and will only check  the  pass­
>        word  of  the user invoking it. It is called transparently
>        on behalf of the user by the authenticating  component  of
>        the pam_unix module. In this way it is possible for appli­
>        cations like xlock to work work without being setuid root.
> 
> USAGE
>        This  program  is  not  intended  to be called directly by
>        users and will log to syslog if it  is  called  imporperly
>        (i.e., by some one trying exploit it).





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []