On Wed, Aug 03, 2005 at 01:17:49AM -0700, Steve Langasek wrote: > I can see their point, but damn if this isn't an ugly way to do it. I'd > much rather see movement toward a BSD auth solution, where the entire > pam_unix module is behind an exec barrier, but I don't exactly have time to > refactor all the existing PAM modules in Debian for that...
It seems much more sensible to me to create an suid-root unix_setpwd than to overload unix_chkpwd, given that its sole purpose is to be small, simple and auditable. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]