GOMBAS Gabor wrote:
>
> On Thu, Dec 28, 2000 at 02:45:22PM -0500, Todd Nemanich wrote:
>
> > I'm not exactly sure if this is the reason, but PAM does not allow any
> > user except root to check another user's password.
>
> Not true. Any user can use PAM to check any password _if_ that user has
> access to the database containing the secrets. When using /etc/passwd and
> /etc/shadow, you must be root or in the shadow group. It's nothing to do
> with PAM, it's the basic UNIX permission thing. Solution: add the cyrus
> user to the shadow group.
>
Does that include creating the shadow group, and changing the perms on
/etc/shadow to 640?
On a couple of my stock RH7 machines there is no shadow group, and
/etc/shadow is set to 600.
--
Ross
Pyromaniacs of the world... IGNITE!!!
