oath-toolkit-help

[OATH-Toolkit-help] [sr #109235] pam_oath only works as root


From: anonymous
Subject: [OATH-Toolkit-help] [sr #109235] pam_oath only works as root
Date: Tue, 24 Jan 2017 21:49:51 +0000 (UTC)
User-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36

URL:
  <http://savannah.nongnu.org/support/?109235>

                 Summary: pam_oath only works as root
                 Project: OATH Toolkit
            Submitted by: None
            Submitted on: Tue 24 Jan 2017 09:49:50 PM UTC
                Category: None
                Priority: 5 - Normal
                Severity: 4 - Important
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: address@hidden
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: GNU/Linux

    _______________________________________________________

Details:

The usersfile setting for pam_oath.so specifies a file to read (and write)
during authentication.  This file must be accessible to root only, of course,
to provide security.

Not all software using libpam runs as root.  If it does, everything works as
expected.  Otherwise, pam_oath.so cannot read the usersfile and therefore
fails.  Example: i3lock, pamtester, xscreensaver and many others.

A simple fix is to use suid to root for all binaries, but this is of course
not desirable.

pam_unix.so has a helper binary, /sbin/unix_chkpwd, with sgid to shadow to
access /etc/shadow.  A similar helper would be required for pam_auth to do the
actual work.





    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/support/?109235>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
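
Added example, not part of the original report or of OATH Toolkit: a simplified model of the mode-bit check that makes pam_oath fail inside a non-root process, and of how a setgid helper in the style of unix_chkpwd would change the outcome. The `oath` group (gid 990), uid 1000 and the file modes are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Simplified POSIX mode-bit check. `want` is a mask of 4 (read) and
 * 2 (write). Supplementary groups, ACLs, capabilities and directory
 * permissions are not modelled. */
static bool may_access(mode_t mode, uid_t f_uid, gid_t f_gid,
                       uid_t euid, gid_t egid, unsigned want)
{
    unsigned granted;

    if (euid == 0)
        return true;                   /* root is not limited by rw bits */
    if (euid == f_uid)
        granted = (mode >> 6) & 7;     /* owner class */
    else if (egid == f_gid)
        granted = (mode >> 3) & 7;     /* group class */
    else
        granted = mode & 7;            /* other class */
    return (granted & want) == want;
}

/* The report says usersfile is read and written during authentication. */
bool can_use_usersfile(mode_t mode, uid_t f_uid, gid_t f_gid,
                       uid_t euid, gid_t egid)
{
    return may_access(mode, f_uid, f_gid, euid, egid, 4 | 2);
}

/* Constructed ids: uid/gid 1000 is a desktop user, gid 990 a
 * hypothetical "oath" group used by a setgid helper. */
enum { USER = 1000, OATH_GID = 990 };

int main(void)
{
    printf("root service, 0600 root:root     -> %d\n",
           can_use_usersfile(0600, 0, 0, 0, 0));
    printf("screen locker as user, 0600      -> %d\n",
           can_use_usersfile(0600, 0, 0, USER, USER));
    printf("setgid helper, 0660 root:oath    -> %d\n",
           can_use_usersfile(0660, 0, OATH_GID, USER, OATH_GID));
    printf("user directly, 0660 root:oath    -> %d\n",
           can_use_usersfile(0660, 0, OATH_GID, USER, USER));
    return 0;
}
```

Only the helper's effective gid gains access in the third case; the same user running any other program still falls into the "other" class and is denied.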



