tiwe-de / libpam-pwdfile Goto Github PK
View Code? Open in Web Editor NEWPAM module allowing authentication via an /etc/passwd-like file
Home Page: https://git.tiwe.de/libpam-pwdfile.git
PAM module allowing authentication via an /etc/passwd-like file
Home Page: https://git.tiwe.de/libpam-pwdfile.git
Hello.
I want to use this module in old version of CentOS 5.
Is there any way to use it on this distro? I've tried to use it with ssh, but it fails to load with this message:
Jun 16 21:40:17 localhost sshd[3738]: PAM unable to dlopen(/lib64/security/pam_pwdfile.so)
Jun 16 21:40:17 localhost sshd[3738]: PAM [error: /lib64/security/pam_pwdfile.so: undefined symbol: pam_get_authtok]
Jun 16 21:40:17 localhost sshd[3738]: PAM adding faulty module: /lib64/security/pam_pwdfile.so
Thanks for the work about this module, it's cool!
There's a little bug here:
When I compiled the code in Centos, it will end up by this error:
/usr/bin/ld: dynamic/pam_pwdfile.o: relocation R_X86_64_32S against `a local symbol' can not be used when making a shared object; recompile with -fPIC
dynamic/pam_pwdfile.o: could not read symbols: Bad value
collect2: ld returned 1 exit status
And I certainly followed the error instruction to add '-fPIC' to replace:
CFLAGS += -D_BSD_SOURCE
by :
CFLAGS += -D_BSD_SOURCE -fPIC
Is that a by design or just a missing of '-fPIC'.
By the way:
The compilation instruction is a little too cost, my way is:
Looking into you code I see
if (!(pwdfile = fopen(pwdfilename, "r"))) {
directly in the PAM module code. This means that if this module is called by non root application (screensaver, su, etc.) it can no be read. And if it can be read, this means it's permissions are world readable which is not good for password files.
I have the same issue with my PAM module and I found that authorization part should be put to a separate NSS module.
Apache's htpasswd uses a slightly different hashing method (signature
It is possible to still use htpasswd with the -d flag, but that leads to less-secure hashes and an 8-character password length limit.
Here is a patch to enable support for Apache-style MD5 passwords in libpam-pwdfile:
https://gist.github.com/powerpiglet/b3b1c9f68afc39faf85d
Any chance you would push an updated version for Ubuntu Precise?
It would be good for security, considering the version available in repository (libpam-pwdfile (0.99-4)) does not support hashes better than md5 and wasn't updated in a long time.
Otherwise, do you know any other Ubuntu/Deb package for reading password files?
Thanks
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.