Mailinglist Archive: yast-devel (34 mails)

< Previous Next >
[yast-devel] Webyast and rpam
  • From: Josef Reidinger <jreidinger@xxxxxxx>
  • Date: Mon, 21 Jun 2010 14:00:28 +0200
  • Message-id: <201006211400.28708.jreidinger@xxxxxxx>
Hi,
because of new feature to support more authentication backend I look more
closer how we currently authenticate. Result is that it works only for
/etc/passwd.
So I try to research how work interesting world of pam and look again how works
rpam which we used in past.
Rpam doesn't work for our appliance in previous result, because it cannot read
/etc/shadow. Only way how to avoid it is to set suid, which is not acceptable.
So we use just unix2_chkpwd which is part of pam_modules to allow pam to solve
same problem as we have.
So now we use just unix2_chkpwd for result which of course doesn't work for
other authenticate backends. But for this purpose works good rpam as pam can
read from ldap, edir etc...
Easy way how to solve it is to revert patch which remove rpam usage, but I
don't like much that we must handle it. I think that it could be nice if rpam
if detect that if cannot read /etc/shadow then use unix2_chkpwd itself instead
our code.
What do you think about it? If you agree I plan to write patch for rpam which
do it and try to push it to upstream ( we really must more pushing our fixes to
upstream as shown workshop )
Josef

--
Josef Reidinger
YaST team
maintainer of perl-Bootloader, YaST2-Repair, parts of webyast
--
To unsubscribe, e-mail: yast-devel+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: yast-devel+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups