Subject: Re: login.conf for selecting password verification method (was Re:
To: =?iso-8859-1?Q?Jarom=EDr_Dole=E8ek?= <email@example.com>
From: Greywolf <firstname.lastname@example.org>
Date: 06/30/2000 16:45:03
On Sat, 1 Jul 2000, Jaromír Doleček wrote:
# program, you get the unixish "program does one thing and good" -
# the API the authentication module program has to follow is fairly
# simple and streighforward and the program doesn't need to worry
# about side effects, since it's separate from the program actually
# trying to authenticate; the auth module program can also drop any
# unnecessary permissions as needed. This means that the actual
# program doing authentication (beeing it passwd, login or whatever)
# doesn't need suid root for the authentication itself.
Passwd doesn't need root just for the authentication, it needs it
to be able to write back the passwd file. Now if you wanted to expand
the authentication program to handle that step as well (though that
could rearrange the semantics of passwd as we know them (root needing
to provide a password to change anyone else's password, or what not))...
login/su, on the other hand, require the setuid root because they are
switching the UID of the user before execing the shell. Even when login
is called directly, it needs to modify the owner/group/mode of the session
# The advantage of PAM is merely that it's used more widely :)
Of course it runs BSD.