1 |
On 15 Nov 2008, at 00:57, Michael Higgins wrote: |
2 |
> ... |
3 |
> An application runs as a web server. In this application I have |
4 |
> hooks to PAM. The results I was getting from attempting to authorize |
5 |
> against PAM were fruitless, until I looked at making a way for the |
6 |
> user running this to read /etc/shadow. |
7 |
> |
8 |
> At any rate, I wound up making a group "shadow" and making /etc/ |
9 |
> shadow owned by group shadow and group-readable, adding my user to |
10 |
> this group. Now it works great. |
11 |
> |
12 |
> Isn't this something Gentoo should have a mechanism for handling |
13 |
> already, or am I totally off the mark here? Does anyone know if this |
14 |
> ability to read /etc/shadow to authenticate on a system is somehow |
15 |
> deprecated in favor of something else, or just overlooked in Gentoo |
16 |
> land... or what? '-) |
17 |
|
18 |
Isn't this depreciated in favour of PAM? I think you want to be |
19 |
looking at why that wasn't working & at fixing it. What if an |
20 |
administrator wants to install your app on a system where users |
21 |
authenticate against LDAP? |
22 |
|
23 |
Sorry to sound negative, but there must be some books / HOWTOs about |
24 |
PAM which show minimal programming examples. I'd copy one of those and |
25 |
see why it won't work on your system or how your code differs. |
26 |
|
27 |
Stroller. |