
Re: non setuid root applications are able to do authentication from a 'secure' NIS server but why?



On Wed, 22 May 2002, Andrew Morgan wrote:

This man page comes from the Debian woody package.

(faui08) [~] cat /etc/pam.d/xlock
#%PAM-1.0
auth       required     /lib/security/pam_unix.so shadow nullok

and /etc/pam.d/other
auth     required       pam_unix.so
account  required       pam_unix.so
password required       pam_unix.so
session  required       pam_unix.so

> 1. could you reveal the contents of your /etc/pam.d/xlock file?
> 2. where did this man page come from (I'd like to assimilate it into the
> main distribution!)
>
> Cheers
>
> Andrew
>
> >
> > FYI:
> >
> > NAME
> >        unix_chkpwd - check the password of the invoking user
> >
> > SYNOPSIS
> >        <not invoked manually>
> >
> > DESCRIPTION
> >        A  helper  binary for the pam_unix module, unix_chkpwd, is
> >        provided to check the user's password when it is stored in
> >        a  read  protected  database,  such as shadow'd passwords.
> >        This binary is very simple and will only check  the  password
> >        of  the user invoking it. It is called transparently
> >        on behalf of the user by the authenticating  component  of
> >        the pam_unix module. In this way it is possible for applications
> >        like xlock to work without being setuid root.
> >
> > USAGE
> >        This  program  is  not  intended  to be called directly by
> >        users and will log to syslog if it  is  called  improperly
> >        (i.e., by someone trying to exploit it).
>
>
>
>
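An added example, not part of the original message or of Linux-PAM: a small Python check over the two files quoted above. It shows which rules xlock actually runs for each management group (Linux-PAM falls back to `other` for any group the service file leaves empty) and flags `nullok` on pam_unix. The function names and the `SAMPLE` text are constructed for illustration.

```python
import os
import re

# Constructed sample: the two PAM files quoted in the message above.
SAMPLE = {
    "xlock": "#%PAM-1.0\n"
             "auth       required     /lib/security/pam_unix.so shadow nullok\n",
    "other": "auth     required       pam_unix.so\n"
             "account  required       pam_unix.so\n"
             "password required       pam_unix.so\n"
             "session  required       pam_unix.so\n",
}
GROUPS = ("auth", "account", "password", "session")
# type, control (plain word or [bracketed] form), module path, arguments
RULE = re.compile(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

def parse(text):
    """Return {group: [(control, module, args)]} for one pam.d file."""
    stack = {g: [] for g in GROUPS}
    for line in text.splitlines():
        m = RULE.match(line.split("#", 1)[0].strip())
        if m and m.group(1) in GROUPS:  # skips @include and malformed lines
            stack[m.group(1)].append(
                (m.group(2), os.path.basename(m.group(3)), m.group(4).split()))
    return stack

def effective_stack(service, files):
    """Rules a service runs per group, plus the file they come from."""
    own, default = parse(files.get(service, "")), parse(files.get("other", ""))
    return {g: (own[g], service) if own[g] else (default[g], "other")
            for g in GROUPS}

def findings(service, files):
    out = []
    for group, (rules, origin) in effective_stack(service, files).items():
        if origin != service:
            out.append(f"{service}/{group}: no own rules, uses '{origin}'")
        for _control, module, args in rules:
            if module == "pam_unix.so" and "nullok" in args:
                out.append(f"{service}/{group}: nullok permits empty passwords")
    return out

if __name__ == "__main__":
    print("\n".join(findings("xlock", SAMPLE)))
```

To audit a live system, build the `files` dictionary from the contents of `/etc/pam.d/` instead of `SAMPLE`.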




