| 1 |
On 15 Nov 2008, at 00:57, Michael Higgins wrote: |
| 2 |
> ... |
| 3 |
> An application runs as a web server. In this application I have |
| 4 |
> hooks to PAM. The results I was getting from attempting to authorize |
| 5 |
> against PAM were fruitless, until I looked at making a way for the |
| 6 |
> user running this to read /etc/shadow. |
| 7 |
> |
| 8 |
> At any rate, I wound up making a group "shadow" and making /etc/ |
| 9 |
> shadow owned by group shadow and group-readable, adding my user to |
| 10 |
> this group. Now it works great. |
| 11 |
> |
| 12 |
> Isn't this something Gentoo should have a mechanism for handling |
| 13 |
> already, or am I totally off the mark here? Does anyone know if this |
| 14 |
> ability to read /etc/shadow to authenticate on a system is somehow |
| 15 |
> deprecated in favor of something else, or just overlooked in Gentoo |
| 16 |
> land... or what? '-) |
| 17 |
|
| 18 |
Isn't this depreciated in favour of PAM? I think you want to be |
| 19 |
looking at why that wasn't working & at fixing it. What if an |
| 20 |
administrator wants to install your app on a system where users |
| 21 |
authenticate against LDAP? |
| 22 |
|
| 23 |
Sorry to sound negative, but there must be some books / HOWTOs about |
| 24 |
PAM which show minimal programming examples. I'd copy one of those and |
| 25 |
see why it won't work on your system or how your code differs. |
| 26 |
|
| 27 |
Stroller. |
Archives