Hi Claude,

> I'm using the xauth-pam module and strongswan runs as unprivileged user
> 'vpn'. [...] charon is not permitted to read /etc/shadow, even when
> adding user 'vpn' to the group 'shadow' which is allowed to read the
> file.

I've tried to reproduce that, unfortunately without success. It seems that my PAM uses the setuid unix_chkpwd helper to verify passwords, and this works with any privileges.

> we wrote a small patch which fixed the issue for us.

Thanks for the patch, looks good. I think it would be simpler to use the initgroups(3) call, though. Please let me know if the patch at [1] works for you, I'll then push it to master.

Best regards
Martin

[1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=934b49e8
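
Why initgroups(3) matters when a daemon drops from root to an unprivileged user such as 'vpn', as an added example (not strongSwan's code and not the patch at [1]): setgid()/setuid() alone leave the supplementary group list untouched, so a membership in 'shadow' recorded in /etc/group never reaches the process. The helper names are hypothetical and a Linux/glibc system is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes getgrouplist(3)/initgroups(3) on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if initgroups(user, base_gid) would place `gid` in the process's group
 * set, 0 if not, -1 if the user is in more groups than the buffer holds. */
int would_have_group(const char *user, gid_t base_gid, gid_t gid)
{
    gid_t groups[256];
    int n = 256;
    if (getgrouplist(user, base_gid, groups, &n) < 0)
        return -1;
    for (int i = 0; i < n; i++)
        if (groups[i] == gid)
            return 1;
    return 0;
}

/* Drop from root to `user`; returns 0 or a negative code naming the failed step.
 * Order matters: groups first, then gid, then uid (after setuid() the process
 * is no longer allowed to change its groups). */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (!pw) return -1;                                       /* unknown user */
    if (geteuid() != 0) return -2;                            /* need root to set groups */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -3;  /* supplementary groups */
    if (setgid(pw->pw_gid) != 0) return -4;
    if (setuid(pw->pw_uid) != 0) return -5;
    if (pw->pw_uid != 0 && setuid(0) == 0) return -6;         /* root must stay gone */
    return 0;
}

int main(void)
{
    /* 'vpn' and 'shadow' are the names from the thread; they may not exist here. */
    struct passwd *pw = getpwnam("vpn");
    gid_t base = pw ? pw->pw_gid : 0;
    struct group *gr = getgrnam("shadow");
    if (!pw || !gr) { puts("user 'vpn' or group 'shadow' not present"); return 0; }
    printf("vpn gets shadow via initgroups: %d\n",
           would_have_group("vpn", base, gr->gr_gid));
    return 0;
}
```

Comparing `would_have_group()` with the `Groups:` line in `/proc/<pid>/status` of the running daemon shows whether the privilege drop actually applied the memberships from the group database.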
