PAM

JordiPrats — Tue, 27 Jun 2006 10:47:57 GMT

Hi all,
I need to checkout if a given user is a valid user by PAM.

I have faced that I can only check this out with root permissions, but I don't want to run Apache with root permissions. There's any way to change this to allow an other user to do this?

I'm using a HP-UX 11.11 PA-RISC 2.0

I'm using this small script to test this:
======
#!/opt/perl/bin/perl

use Authen::PAM;

$service = "php";
$username = $ARGV[0];
$password = $ARGV[1];

print "Usage: \n" if ( $ARGV[0] eq "" );

sub my_conv_func
{
my @res;
while ( @_ )
{
my $code = shift;
my $msg = shift;
my $ans = "";

$ans = $username if ($code == PAM_PROMPT_ECHO_ON() );
$ans = $password if ($code == PAM_PROMPT_ECHO_OFF() );

push @res, (PAM_SUCCESS(),$ans);
}
push @res, PAM_SUCCESS();
return @res;
}

ref($pamh = new Authen::PAM($service, $username, \&my_conv_func)) ||
die "Error code $pamh during PAM init!";

$res = $pamh->pam_authenticate;
if ( $res == PAM_SUCCESS() )
{
print "Password OK!\n";
}
else
{
print "Password incorrect!\n";
print $pamh->pam_strerror($res)."\n";
}

Re: PAM

Ivan Ferreira — Tue, 27 Jun 2006 14:51:36 GMT

Have you tried setting the SUID bit to the script? Considered also the use of sudo for this script only?

Re: PAM

JordiPrats — Wed, 28 Jun 2006 01:20:14 GMT

Yes, but this script is just for testing purpouses.

Since something like this script will be a PHP module, the suid bit takes no efect.

There is any other way to give enought permissions to run this without runing apache as root (or setting the suid bit)?

thank you all

topic Re: PAM in Operating System - HP-UX

PAM

Re: PAM

Re: PAM