PAM bug in ckpasswd?

Russ Allbery rra at stanford.edu
Mon Mar 2 19:18:14 UTC 2009


Martin Tessarek <mt at nef.wh.uni-dortmund.de> writes:

> I think I came across a bug in ckpasswd regarding PAM.  ckpasswd can't
> check the user auth via PAM if not run by the user in question or
> root...  When nnrpd is run as user news (uid 9 on debian), the user auth
> fails if ckpasswd has no read access to shadow...

How this works depends on the PAM configuration of your local system.
With Debian, for example, there is a setgid helper program provided by
pam_unix named unix_chkpwd that's used to do the password checks.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>




More information about the inn-bugs mailing list