splash@??? said:
> As far as I can see, I don't see why PAM can't read shadow password
> files as it runs as root as far as I understand it. I am Running RH
> 6.2.
PAM is a dynamically loaded set of libraries. It runs as the UID of
the invoking process - other than a few special cases such as a setuid
helper for the pwdb module (which reads shadow, but refuses to return
data other than for the UID it is invoked by). This is a place where
Unix could do with authenticated subsystems such as in the late
lamented Apollo Domain/OS
Nigel.
--
[ - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham@??? ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]