Add PAM authentication support #20
Comments
Maybe there is a pure Go PAM implementation out there? libpam is very annoying to use.
We don't need that with PAM. We only need that for #21.
From pam_unix.so(8):
Ok, didn't know. Perhaps, can we use it for #21 too? UPD: No, we shouldn't.
Oh, unix_chkpwd works only for the current user, so it is not useful for us. We need root to access /etc/shadow.
So, here is what I think should be done. Create a separate binary called maddy-pam-helper. Generally, when installed on the system, this binary should be setuid root (or be given the CAP_DAC_READ_SEARCH capability on Linux) and be executable only by the group that the maddy server runs under (user group "maddy"?).
Oh, right. RIP, we need root either way.
This will allow reusing a lot of components developed for PAM.
Notes
Problems to solve
Some example code can be found here: https://stackoverflow.com/questions/10910193/how-to-authenticate-username-password-using-pam-w-o-root-privileges
Except probably we want to define our own PAM service instead of using "su".
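The permission layout proposed in the comments for maddy-pam-helper (setuid root, executable only by the server's group) can be checked after installation. The following Go sketch is an added example, not code from this issue or from the maddy project; the function name `auditHelperPerms` is hypothetical, and it covers only the setuid variant, not the CAP_DAC_READ_SEARCH one.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"syscall"
)

// auditHelperPerms compares a helper binary's metadata with the proposed
// layout (setuid-root variant). An empty result means the layout matches.
func auditHelperPerms(mode os.FileMode, uid, gid, serverGid uint32) []string {
	var findings []string
	if !mode.IsRegular() {
		findings = append(findings, "not a regular file")
	}
	if uid != 0 {
		findings = append(findings, "owner is not root")
	}
	if mode&os.ModeSetuid == 0 {
		findings = append(findings, "setuid bit is not set")
	}
	if gid != serverGid {
		findings = append(findings, "group is not the server's group")
	}
	if mode.Perm()&0o010 == 0 {
		findings = append(findings, "server's group cannot execute it")
	}
	if mode.Perm()&0o007 != 0 {
		findings = append(findings, "users outside the group have access")
	}
	if mode.Perm()&0o020 != 0 {
		findings = append(findings, "group-writable")
	}
	return findings
}

func main() { // usage: audit <helper-path> <server-gid>
	if len(os.Args) != 3 {
		os.Exit(2)
	}
	gid, gidErr := strconv.ParseUint(os.Args[2], 10, 32)
	fi, err := os.Lstat(os.Args[1]) // Lstat: a symlink is reported, not followed
	if gidErr != nil || err != nil {
		os.Exit(2)
	}
	st := fi.Sys().(*syscall.Stat_t) // Unix-only assumption
	for _, f := range auditHelperPerms(fi.Mode(), st.Uid, st.Gid, uint32(gid)) {
		fmt.Println("FINDING:", f)
	}
}
```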