On Sun, May 23, 1999 at 09:33:36AM -0400, Michael Alan Dorman wrote: > Ben Collins <[EMAIL PROTECTED]> writes: > > There is a libapache-mod-pam, which enables apache auth using PAM > > modules, already packaged. It has some drawbacks due to permissions > > (apache runs as www-data so it cannot access /etc/shadow). This can't > > be avoided however. > > Um, doesn't libpwdb take care of this? I would swear (though I can't > confirm it right now, or I would) that I had apache running the > mod_pam module authenticating against shadow with no problems, *once I > installed libpwdb*.
No. pam_pwdb modules uses an external program that is sgid shadow to authenticate users without having the calling program be sgid shadow. However it only authenticates the calling user (www-data in this case), so it wont work for any normal users. -- ----- -- - -------- --------- ---- ------- ----- - - --- -------- Ben Collins <[EMAIL PROTECTED]> Debian GNU/Linux OpenLDAP Dev - [EMAIL PROTECTED] The Choice of the GNU Generation ------ -- ----- - - ------- ------- -- ---- - -------- - --- ---- - --
