Hi, because of new feature to support more authentication backend I look more closer how we currently authenticate. Result is that it works only for /etc/passwd. So I try to research how work interesting world of pam and look again how works rpam which we used in past. Rpam doesn't work for our appliance in previous result, because it cannot read /etc/shadow. Only way how to avoid it is to set suid, which is not acceptable. So we use just unix2_chkpwd which is part of pam_modules to allow pam to solve same problem as we have. So now we use just unix2_chkpwd for result which of course doesn't work for other authenticate backends. But for this purpose works good rpam as pam can read from ldap, edir etc... Easy way how to solve it is to revert patch which remove rpam usage, but I don't like much that we must handle it. I think that it could be nice if rpam if detect that if cannot read /etc/shadow then use unix2_chkpwd itself instead our code. What do you think about it? If you agree I plan to write patch for rpam which do it and try to push it to upstream ( we really must more pushing our fixes to upstream as shown workshop ) Josef
-- Josef Reidinger YaST team maintainer of perl-Bootloader, YaST2-Repair, parts of webyast -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
