I have rewritten getpwnam_auth (now its name is getspnam_auth) to check
agains shadow. It works well but requires to be setuid root.
I have a different approach for a local authentication:
- put a getspnam_auth-like verificator (that does not run indefinitely)
into inetd.conf, let it run as root via tcpd and have it answer only calls
via 127.0.0.1.
- create a loopback_auth that checks against 127.0.0.1:xyz (where that
getspnam_auth-like thingie sits). Therefore that loopback_auth does not
need any special privileges and it's up to the admin what kind of
authenticator (shadow, PAM, passwd etc) he/she puts into inetd.conf
What do you think?
(when you reply, please .cc bhoc at surfeu in ch)
Ben
(bhoc at pentagroup dot ch)
Received on Sat Aug 18 2001 - 07:08:30 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:43 MST