PAM bug in ckpasswd?
mt at nef.wh.uni-dortmund.de
Mon Mar 2 10:07:53 UTC 2009
I think I came across a bug in ckpasswd regarding PAM.
ckpasswd can't check the user auth via PAM if not run by the user in
question or root...
When nnrpd is run as user news (uid 9 on debian), the user auth fails
if ckpasswd has no read access to shadow...
su -c "./ckpasswd -u username -p password" news
ckpasswd: pam_unix(nnrpd:auth): authentication failure; logname= uid=9
euid=9 tty= ruser= rhost= user=username
su -c "./ckpasswd -u username -p password" username
su -c "./ckpasswd -u username -p password" root
/etc/pam.d/nnrpd should be ok:
More information about the inn-bugs