Re: [Exim] Exim and PAM, again

Author: Nigel Metheringham
Date:  
To: Christi Alice Scarborough
CC: exim-users
Subject: Re: [Exim] Exim and PAM, again
christi.scarborough@??? said:
> This would be kind of bizarre, and would seem to defeat the purpose of
> PAM somewhat. That doesn't mean it's not true, however.


        A helper binary, pwdb_chkpwd, is provided to check the user's
        password when it is stored in a read protected database.  This
        binary is very simple and will only check the password of the
        user invoking it.  It is called transparently on behalf of the
        user by the authenticating component of this module.  In this
        way it is possible for applications like xlock to work without
        being setuid-root.


Shadow passwords are there so only root can see the crypted password.
Allowing the user to check against their own password makes some sense,
but wider access risks people being able to brute force shadow
passwords just like normal ones...

    Nigel.
-- 
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham                  Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000                         Fax +44 1423 858866 ]