Eric G. Miller wrote:
> On Mon, 11 Feb 2002 12:35:27 +0100, Tim Dijkstra
<[EMAIL PROTECTED]> wrote:
>>I'm trying to get some app to use PAM to authenticate against the
>>/etc/shadow. Shouldn't it be enough for the app to
>>be a member of the 'shadow' group for this to work? Or are there any
>>other restrictions.
>>(Works fine when I make /etc/shadow world-readable, but don't want that
>>of course)
>>
>
> It doesn't sound right to add anything to group shadow. Is this
> application PAM aware? According to the docs, it needs to have code
> specifically for doing PAM authentication and session management.
>
>
It does, it has a set of functions for doing pam authentication. It's
about exim. The problem is it runs as mail:mail so it can't handele
/etc/shadow.
This is a known problem and people give as advice to use a sepparate
password file it can access, but I do not like that idea. Then I have to
maintain that file also and figure out a way to get the passwords in
there changed. And all together it doesn't sound that much saver to me.
grts Tim
