Piotr Roszatycki wrote: > The manpage tells that unix_chkpwd will only check the password of the user > invoking it. The webserver have to check the password of other users.
Ok, good point, but why's it even calling it then? Just out of curiousity, what does call that program legitimately? It doesn't seem like there would be too many cases where you are already a user, and then you want to check your password (except for changing passwords, and maybe sudo). Maybe it's really a PAM wishlist bug, but you shouldn't have to give random programs read permissions for /etc/shadow... PAM is supposed to centralize this stuff. Thanks, Dave -- Webster srl Sede legale: Via del Seminario, 3 35122 Padova Sede operativa: Via S. Breda, 28 35010 Limena (PD) Tel. +39 049 8842188 Email: [EMAIL PROTECTED] Visita www.libreriauniversitaria.it -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
