List: strongswan-users
Subject: Re: [strongSwan] xauth-pam with unprivileged user
From: Martin Willi <martin () strongswan ! org>
Date: 2013-02-20 12:40:38
Message-ID: 1361364038.2859.25.camel () martin

Hi Claude,

> I'm using the xauth-pam module and strongswan runs as unprivileged user
> 'vpn'. [...] charon is not permitted to read /etc/shadow, even when
> adding user 'vpn' to the group 'shadow' which is allowed to read the
> file.

I've tried to reproduce that, unfortunately without success. It seems
that my PAM uses the setuid unix_chkpwd helper to verify passwords, and
this works with any privileges.

> we wrote a small patch which fixed the issue for us.

Thanks for the patch, looks good. I think it would be simpler to use the
initgroups(3) call, though. Please let me know if the patch at [1] works
for you, I'll then push it to master.

Best regards
Martin

[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=934b49e8
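
The point behind the initgroups(3) suggestion above, as an added example that is not part of the original message and is not strongSwan's code: a process that drops from root using only setgid()/setuid() never gains the supplementary groups that /etc/group lists for the target user, so membership in 'shadow' has no effect. The function names are hypothetical; 'vpn' and 'shadow' are the names used in the thread.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes initgroups(3) on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Return 1 if the running process holds gid (effective or supplementary). */
int process_has_group(gid_t gid) {
    int found = (getegid() == gid);
    int n = getgroups(0, NULL);
    gid_t *list = n > 0 ? malloc(n * sizeof(*list)) : NULL;
    if (list != NULL) {
        n = getgroups(n, list);
        for (int i = 0; i < n; i++)
            found |= (list[i] == gid);
        free(list);
    }
    return found;
}

/* Drop from root to `user`: supplementary groups first, UID last. */
int drop_privileges(const char *user) {
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    /* Without initgroups() the process keeps the groups it started with and
     * never gains the ones /etc/group lists for `user` (e.g. shadow). */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    return 0;
}

int main(int argc, char **argv) {
    const char *user = argc > 1 ? argv[1] : "vpn";      /* names from the thread */
    const char *group = argc > 2 ? argv[2] : "shadow";
    if (drop_privileges(user) != 0) {
        fprintf(stderr, "could not drop privileges to %s\n", user);
        return 1;
    }
    struct group *gr = getgrnam(group);
    printf("process holds group %s: %s\n", group,
           gr != NULL && process_has_group(gr->gr_gid) ? "yes" : "no");
    return 0;
}
```

Run as root with a user and group that exist on the system; commenting out the initgroups() call and running again shows the group check flip to "no".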