PAM bug in ckpasswd?

Russ Allbery rra at
Mon Mar 2 19:18:14 UTC 2009

Martin Tessarek <mt at> writes:

> I think I came across a bug in ckpasswd regarding PAM.  ckpasswd can't
> check the user auth via PAM if not run by the user in question or
> root...  When nnrpd is run as user news (uid 9 on debian), the user auth
> fails if ckpasswd has no read access to shadow...

How this works depends on the PAM configuration of your local system.
With Debian, for example, there is a setgid helper program provided by
pam_unix named unix_chkpwd that's used to do the password checks.

Russ Allbery (rra at             <>

More information about the inn-bugs mailing list