access with authentication [SOLVED]

Bill Tangren bjt at aa.usno.navy.mil
Tue Apr 5 14:01:03 UTC 2005


Jeffrey M.Vinocur wrote:
> On Apr 4, 2005, at 1:28 PM, Bill Tangren wrote:
> 
> 
>>I tried the same thing logged in as root, and it worked.
>>
>>[root at summer2 etc]#/news/bin/auth/passwd/ckpasswd -s -u bjt -p 
>>realpassword
>>
>>User:bjt
> 
> 
> Right, that was going to be my next suggestion :-)
> 
> (No worries about the Reply-To mixup, btw.)
> 
> 
> 
>>-r-xr-xr-x  1 news news 48061 Dec  8 10:09 
>>/news/bin/auth/passwd/ckpasswd
> 
> 
> Right.  As documented in the ckpasswd manpage under the -s flag, you 
> may very well need to give ckpasswd special permissions for it to be 
> able to access the shadow password file.
> 
> If your system does indeed have PAM, that might be the better way to go.
> 
> Hmm...there's no documentation in the distribution of how to actually 
> use PAM with ckpasswd.  I forget who incorporated Graeme's 
> modifications into the main tree, but if the usage is the same, I can 
> dig up the config procedure and document it...
> 
> Anybody remember the story with this?
> 

OK.

With Jeffery's help, I solved this problem. I had to change the
ownership on ckpasswd to root, and then I SUID'ed it. It now works for
user news, and I tested it using the readers.conf.


On a slightly different topic, in my testing I find that when a user
fails to gain access using ckpasswd, news.notice has the generic error:

bad_hook program caught signal 15

It would be nice if the error were somewhat more descriptive, so that my
log summaries will tell me about failed login attempts, due either to
users who are having problems, or breakin attempts.


Just my $0.02 worth, and thats Jeffery (and others!) for all the help.


Bill Tangren



More information about the inn-workers mailing list