Subject: Re: [netatalk-admins] DES, how to log in
From: Cameron Hart (chart@design.wnp.ac.nz)
Date: Sun Oct 04 1998 - 22:15:01 EDT
> I think that PAM is not needed if you just use 2-way-rand, since
> /etc/shadow and /etc/passwd should not be consulted by netatalk when a
> user needs to log-in. Changing of passwords should work as long as they
> own ~/.passwd and have proper access to it.
No, although I'm sure someone could write a PAM module to do this (if they
were feeling masochistic :-)
> If you *need* to have your /etc/passwd and /etc/shadow consulted and
> modified via PAM with netatalk, and users can log in, but cannot change
> their password, then it is likely that you do have some problems with how
> PAM support has been compiled into netatalk, or how it is configured on
> your system. (Things that you are probably aware of which prompted you
> to write your message... ;)
Not sure, does anyone else on this list have an answer? The reason why I might
want to change /etc/shadow is because I want our users (who are all totally
Mac users, no shell access) to be able to change their netatalk password and
their mail password in one hit. Ideally netatalk could do a 2-way randnum
password change, and change the /etc/passwd at the same time. I guess having
the same ~/.passwd as /etc/passwd is a bit risque, however I think that having
two different passwords could be more than our users can cope with ;-)
> > I am using Shadow passwords and Linux PAM. My /etc/pam.d/netatalk file
> > looks like
> > this:
> >
> > #%PAM-1.0
> > auth required /lib/security/pam_pwdb.so shadow
> > account required /lib/security/pam_pwdb.so
> > #password required /lib/security/pam_cracklib.so
> > #password required /lib/security/pam_pwdb.so shadow use_authtok
> > session required /lib/security/pam_pwdb.so
...
Cam.
This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:33:23 EST
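
An added example, not part of the original message or of netatalk: a small Python check that parses a pam.d service file like the one quoted above and reports which PAM management groups (auth, account, password, session) have no active rule. The function names are illustrative, and the sample input is the quoted file as posted, in which both `password` lines are commented out.

```python
import re

PAM_TYPES = ("auth", "account", "password", "session")

# One rule line: type, control (plain word or [bracketed] form), module, args.
# A leading '-' on the type is valid Linux-PAM syntax and is ignored here.
RULE = re.compile(
    r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$"
)

# The service file quoted in the thread, reproduced as posted.
NETATALK_PAM = """\
#%PAM-1.0
auth required /lib/security/pam_pwdb.so shadow
account required /lib/security/pam_pwdb.so
#password required /lib/security/pam_cracklib.so
#password required /lib/security/pam_pwdb.so shadow use_authtok
session required /lib/security/pam_pwdb.so
"""


def parse_pam_service(text):
    """Return (active, disabled): dicts of type -> [(control, module, args)]."""
    active = {t: [] for t in PAM_TYPES}
    disabled = {t: [] for t in PAM_TYPES}
    for raw in text.splitlines():
        line = raw.strip()
        target = active
        if line.startswith("#"):
            # Commented-out rules are kept separately so they can be reported.
            line = line.lstrip("#").strip()
            target = disabled
        match = RULE.match(line)
        if match:
            pam_type, control, module, args = match.groups()
            target[pam_type].append((control, module, args))
    return active, disabled


def types_without_rules(text):
    """Map each type with no active rule to its count of commented-out rules."""
    active, disabled = parse_pam_service(text)
    return {t: len(disabled[t]) for t in PAM_TYPES if not active[t]}


if __name__ == "__main__":
    for pam_type, n in types_without_rules(NETATALK_PAM).items():
        print(f"{pam_type}: no active rule ({n} commented out)")
```

On the quoted file it reports `password` as the only type without an active rule, so a password change requested through PAM for this service is not handled by anything in this file.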