PAM touching shadow?
Eric Reischer
emr at engr.de.psu.edu
Mon Jul 19 12:40:00 UTC 2004
Precisely; however it is trying to open /etc/shadow *as the logged-in
user*, not root. This is what's throwing the errors in the audit log.
Eric
*********************************************************************
Eric Reischer emr at engr.de.psu.edu
"The most beautiful thing we can experience
is the mysterious." -- Albert Einstein
*********************************************************************
On Mon, 19 Jul 2004, Igmar Palsenberg wrote:
>
> > Unfortunately,
> > however, our workstations running xscreensaver have SNARE reporting that
> > the (non-root) logged-in user unsuccessfully attempts to touch the
> > /etc/shadow file, with timestamps that correspond to the exact times that
> > the user unlocks the window via xscreensaver.
>
> Sound logical to me : xscreensaver needs to verify the user's password,
> let's PAM handle that, and PAM needs to open /etc/shadow to verify the
> actual hashes.
>
> > I have narrowed it down to PAM (I think), as I've recompiled xscreensaver
> > with absolutely no passwd references; only the PAM libraries compiled in,
> > and the problem still presents itself. Does anyone know if PAM is making
> > this call at some point, and if so, what is the reason behind it? Is PAM
> > just doing a sanity permission check on the shadow file?
>
> It's probably opening it.
>
>
>
> Igmar
>
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
More information about the Pam-list
mailing list