Very Computer

Hi,

I am writing a PAM authorization client on solaris (SunOS 5.8 with
uname -rs). However, I am encountering problems getting the PAM
libraries to authenticate users when the program is run at user level.
If the program is run as 'root' then the libraries work fine. Here is
my /etc/pam.conf entry:

progname auth required /usr/lib/security/$ISA/pam_unix.so.1

What is strange is that the same program, with no change in the source
will compile and work with a Linux machine on the same network. The
network uses NIS to manage user accounts and the NIS passwd.byname map
does not disclose the crypted passwords. Instead it uses a private
passwd.adjunct map. The passwords are actually stored in /etc/shadow.

Can anyone help me, or at least direct me to some documentation that
might have an answer. Any help would be greatly appreciated!

Thanks
Natasha

Quote:> I am writing a PAM authorization client on solaris (SunOS 5.8 with
> uname -rs). However, I am encountering problems getting the PAM
> libraries to authenticate users when the program is run at user level.
> If the program is run as 'root' then the libraries work fine. Here is
> my /etc/pam.conf entry:

You need to call the PAM authentication as root, it will not work unless you
are the super-user...

Quote:> progname auth required /usr/lib/security/$ISA/pam_unix.so.1

Consider what is going on.  Solaris uses the /etc/shadow file to specify
related user information (such as password aging, account inactivity, etc.)
The PAM libraries will also need to read /etc/shadow to determine whether
the authentication should succeed.  Furthermore, since /etc/shadow is
readable only by the super-user, then those PAM library calls will need to
be made as root.

Hope that explanation helps!
--
Dave Ockwell-Jenner
Solar Nexus Solutions
http://www.solar-nexus.com/