On 15 Nov 2008, at 00:57, Michael Higgins wrote:
...
An application runs as a web server. In this application I have
hooks to PAM. The results I was getting from attempting to authorize
against PAM were fruitless, until I looked at making a way for the
user running this to read /etc/shadow.
At any rate, I wound up making a group "shadow" and making
/etc/shadow owned by group shadow and group-readable, adding my user to
this group. Now it works great.
Isn't this something Gentoo should have a mechanism for handling
already, or am I totally off the mark here? Does anyone know if this
ability to read /etc/shadow to authenticate on a system is somehow
deprecated in favor of something else, or just overlooked in Gentoo
land... or what? '-)
Isn't this deprecated in favour of PAM? I think you want to be
looking at why that wasn't working & at fixing it. What if an
administrator wants to install your app on a system where users
authenticate against LDAP?
Sorry to sound negative, but there must be some books / HOWTOs about
PAM which show minimal programming examples. I'd copy one of those and
see why it won't work on your system or how your code differs.
Stroller.