Re: SASL and SHADOW

From: Marco Colombo (no email)
Date: Thu Aug 09 2001 - 13:11:14 EDT


On Thu, 9 Aug 2001, Tyrone Vaughn wrote:

> I did search the archives and the closest solution I can find is to
> abandon checking the shadow file via PAM and run the program "pwcheck"
> as the root user -- something I don't want to do.
>
> If you know the answer, would you please forward it on to me?

Simple: you need read access to /etc/shadow to check passwords. So either
you arrange /etc/shadow permissions so that the imapd process (which
does not run as root) can read it, or you need some root process to
read it instead and provide the answer (which is what pwcheck is
designed for).

As someone else already suggested, if you don't want to run pwcheck
as root (the "yet another root daemon running on my system" syndrome),
arrange permissions so that only the imapd process can read /etc/shadow.

$ ls -al /etc/shadow
-r--r----- 1 root cyrus 11736 Aug 6 15:20 /etc/shadow

I've used both the pwcheck and the above solution successfully.

.TM.

-- 
      ____/  ____/   /
     /      /       /			Marco Colombo
    ___/  ___  /   /		      Technical Manager
   /          /   /			 ESI s.r.l.
 _____/ _____/  _/		       
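
An added example, not part of the original message: a POSIX sh check for the permission layout shown above (mode 0440, owner root, group cyrus), plus a helper that lists any other accounts in that group, since every group member can read the file through the group-read bit. It assumes GNU `stat -c`; the function names and the sample group line in the comment are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shadow-style file against the layout in the message.
# Assumes GNU stat (-c FORMAT); BSD stat uses a different option.

# check_shadow_perms FILE OWNER GROUP -> returns 0 if FILE matches, 1 otherwise
check_shadow_perms() {
    file=$1; want_owner=$2; want_group=$3; rc=0
    info=$(stat -c '%a %U %G' "$file") || return 1
    set -- $info                      # $1=octal mode, $2=owner, $3=group
    mode=$((0$1)); owner=$2; group=$3
    if [ $((mode & 0007)) -ne 0 ]; then
        echo "FAIL: $file is accessible to 'other' (mode $1)"; rc=1
    fi
    if [ $((mode & 0030)) -ne 0 ]; then
        echo "FAIL: $file is group-writable or group-executable (mode $1)"; rc=1
    fi
    if [ $((mode & 0040)) -eq 0 ]; then
        echo "FAIL: group $want_group cannot read $file (mode $1)"; rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner"; rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "FAIL: group is $group, expected $want_group"; rc=1
    fi
    return $rc
}

# extra_group_members GROUP_LINE ALLOWED_USER
# Prints the members of a group(5) line (e.g. "cyrus:x:76:cyrus,backup")
# other than ALLOWED_USER. Accounts whose primary GID is the group are not
# listed in that line and need a separate look at the passwd database.
extra_group_members() {
    members=${1##*:}                  # text after the last colon
    old_ifs=$IFS; IFS=,
    extra=
    for m in $members; do
        [ "$m" = "$2" ] || extra="${extra:+$extra }$m"
    done
    IFS=$old_ifs
    echo "$extra"
}

# Usage: sh audit.sh /etc/shadow [owner] [group]   (defaults: root, cyrus)
if [ $# -ge 1 ]; then
    check_shadow_perms "$1" "${2:-root}" "${3:-cyrus}"
fi
```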






