Re: PAM applications running as root (Was Re: WebTrends Enterprise

From: Alan Cox (alanat_private)
Date: Fri Oct 15 1999 - 09:51:15 PDT

Next message: Tymm Twillman: "OpenLink 3.2 Advisory"

Previous message: Dirro, Toralv: "Re: I'm an idiot...."
Maybe in reply to: Darren Moffat: "PAM applications running as root (Was Re: WebTrends Enterprise"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> It is NOT a requirement of the PAM framework that application be running as
> root.  There are two cases though that make login type applications need to
> run as root.
>
> 	1) The password is stored in /etc/shadow which only root can read
> 	   If the password was in NIS/NIS+/LDAP then the authentication
> 	   could succeed are an ordinary user.

This is not correct either. A good PAM implementation supports shadow
authentication (although not update) via setuid helpers

Alan

Next message: Tymm Twillman: "OpenLink 3.2 Advisory"
Previous message: Dirro, Toralv: "Re: I'm an idiot...."
Maybe in reply to: Darren Moffat: "PAM applications running as root (Was Re: WebTrends Enterprise"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:07:37 PDT