
Re: [leafnode-list] Question regarding authentification



Cornelius Krasel wrote:

Hello,

> While dealing with Mark Brown's authinfo patch, I wrote an extension for
> the nntpd which allows authinfo based on the contents of /etc/passwd and
> /etc/shadow -- or so I thought. Obviously, the nntpd cannot access the
> shadowed password file since it does not run as the superuser but as
> user "news" instead. Therefore, I am curious as to what your opinion is.
> I see at least the following possibilities:
> 
> 1) Ignoring authentication based on /etc/shadow
> 
> 2) Let the nntpd run on UID (or GID) 0
> 
> 3) Have its own user/password file which is readable by news:news
> 
> What do you think?

I think you can use /bin/login to test whether the password and username
are right. But I don't know how it works; it's just an idea.

IMHO it is really useful when there's *one* password file in the
system, which is used by all services that run on the machine. You
really know the problem: when you change the password of one user with
'passwd', you must change it with smbpasswd and htpasswd too, which takes
a lot of time.

My other idea is that you can copy /etc/shadow and give the new file
the permission 600 news.news. In this case you have two files: one file
is only readable by root and one file is only readable by news. When
you run nntpd initially as root, it can copy /etc/shadow to, for example,
/etc/nntp.shadow and give it the needed permissions. (And you could
modify '/bin/passwd' so that it sends a SIGHUP to nntpd when a password is
changed.)

BTW: Don't laugh at me, the ideas above are only ideas, I'm not an
expert.

cheers
Thomas
-- 
Thomas Bader <thomasb@xxxxxxxxx>, Powered by LINUX 2.2
Info and tips on Linux, HOWTOs of the DLHP <http://surf.to/bader>
_____________________________________________________________________
A Unix shell account (all inclusive) is available at http://www.trash.net

-- 
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list
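
Both separate-file ideas in this thread (a password file readable only by news, or a root-made copy with permission 600 news.news) depend on the file really being private when the daemon reads it. The following is an added example, not code from leafnode or from either poster: it opens the file without following symlinks and rejects it unless it is a regular file, owned by the expected user, with no group or other permission bits. The function names, result codes and the temp-file path are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* O_NOFOLLOW, mkstemp, fchmod */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this illustration. */
enum { PW_OK = 0, PW_OPEN_FAILED, PW_NOT_REGULAR, PW_WRONG_OWNER, PW_TOO_OPEN };

/* Open without following symlinks, then validate with fstat() on the
 * descriptor so the file that was checked is the file that gets read. */
int open_private_pwfile(const char *path, uid_t owner, int *fd_out)
{
    struct stat st;
    int rc = PW_OK;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return PW_OPEN_FAILED;
    if (fstat(fd, &st) != 0) rc = PW_OPEN_FAILED;
    else if (!S_ISREG(st.st_mode)) rc = PW_NOT_REGULAR;
    else if (st.st_uid != owner) rc = PW_WRONG_OWNER;
    else if (st.st_mode & (S_IRWXG | S_IRWXO)) rc = PW_TOO_OPEN;
    if (rc != PW_OK) { close(fd); return rc; }
    *fd_out = fd;
    return PW_OK;
}

/* Constructed demo: make a temp file with the given mode and run the check. */
int demo_check_mode(mode_t mode)
{
    char path[] = "/tmp/nntp_shadow_demo_XXXXXX";
    int checked = -1, rc, fd = mkstemp(path);
    if (fd < 0) return -1;
    if (fchmod(fd, mode) != 0) { close(fd); unlink(path); return -1; }
    close(fd);
    rc = open_private_pwfile(path, geteuid(), &checked);
    if (rc == PW_OK) close(checked);
    unlink(path);
    return rc;
}

int main(void)
{
    printf("0600 -> %d, 0640 -> %d\n", demo_check_mode(0600), demo_check_mode(0640));
    return 0;
}
```

In a daemon the `owner` argument would be the UID of the news user rather than `geteuid()`, and a failed check would be logged and treated as "authentication unavailable".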