Bugtraq: Re: PAM applications running as root (Was Re: WebTrends Enterprise

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: PAM applications running as root (Was Re: WebTrends Enterprise

From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Fri, 15 Oct 1999 17:51:15 +0100

It is NOT a requirement of the PAM framework that application be running as
root.  There are two cases though that make login type applications need to
run as root.

      1) The password is stored in /etc/shadow which only root can read
         If the password was in NIS/NIS+/LDAP then the authentication
         could succeed are an ordinary user.


This is not correct either. A good PAM implementation supports shadow
authentication (although not update) via setuid helpers

Alan

By Date By Thread

Current thread:

PAM applications running as root (Was Re: WebTrends Enterprise Reporting Server) Darren Moffat (Oct 14)
- Re: PAM applications running as root (Was Re: WebTrends Enterprise Alan Cox (Oct 15)
- OpenLink 3.2 Advisory Tymm Twillman (Oct 15)
- execve bug linux-2.2.12 ben () VALINUX COM (Oct 15)
  - Netscape 4.x buffer overflow Michael Breuer (Oct 15)
    - Netscape 4.x buffer overflow Max Vision (Oct 18)
  - Re: execve bug linux-2.2.12 Perly (Oct 15)