Date: Thu, 9 Sep 1999 13:13:50 -0400 (EDT) From: Robert Watson <robert@cyrus.watson.org> To: Vadim Chekan <vadim@gc.lviv.ua> Cc: "stable@FreeBSD.ORG" <stable@FreeBSD.ORG> Subject: Re: PAM & non-root Message-ID: <Pine.BSF.3.96.990909131151.28044B-100000@fledge.watson.org> In-Reply-To: <37D663C5.4CE6F919@gc.lviv.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
pam_unix.so will require root access to authenticate against /etc/master.passwd. The solution is presumably for PAM to run in the pwcheck daemon provided with Cyrus--I've never used the PAM support so don't know much about it. I use Kerberos 4 directly from Cyrus. The pwcheck daemon listens on a UNIX domain socket, running as root, and will answer authentication queries coming from the Cyrus server running as the cyrus user. On Wed, 8 Sep 1999, Vadim Chekan wrote: > Hello! > > I'm trying to make port of latest cyrus-imap server. It supports PAM > now. > But imapd run as cyrus user. Is it possible to authenticate user using > pam_unix.so by non-root user? > From /usr/src/contrib/libpam/CHANGELOG > * pam_pwdb can now verify read protected passwords when it is not run > by root. This is via a helper binary that is setuid root. > > Where is this helper? > Where can I get more information on this topic? > > Vadim Chekan. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-stable" in the body of the message > Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990909131151.28044B-100000>