-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/10/14 12:40, Phil Mayers wrote:
On 10/03/14 16:23, Mark Haney wrote:
So, now that I have that out of the way, it seems rlm_unix isn't able to read /etc/shadow. I'm assuming the getspnam(username) call is trying to read /etc/shadow? If so, how is the best way to fix this?
Set the permissions on /etc/shadow.
Alternatively, to repeat myself, rlm_pam might work, as PAM has an setuid-root helper to read /etc/shadow.
Good lord, this is just getting kinda silly. So, I suppose I can 'chgrp radiusd /etc/shadow' and set read permissions with 'chmod +r /etc/shadow' and have it work, but everything I see says not to do that. I found a post saying to use the passwd module, but the comments in it say to use either PAM or rlm_unix. I quick check of the comments in rlm_unix say that as of v1.1.0 unix can no longer read of cache /etc/shadow and to use the passwd module. That's some crackerjack documentation. Nothing like running in circles. I suppose PAM it is, but at this point, I'm just telling my boss it'll have to wait to get this working since it's apparently NOT recommended to use Unix passwords in any form but LDAP based on the warning and recommendations in the documentation. I appreciate all the help, despite the tone to the contrary. - -- Mark Haney Network/Systems Administrator Practichem W: (919) 714-8428 Fedora release 20 (Heisenbug) 3.13.4-200.fc20.x86_64 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTHfTUAAoJEM/YzwEAv6e7CZ0H/1bZrz62zLCKWblV98O2Pbl4 ZjSWQafFLip8a2GMquZapa59IHUuUwioubmjdhoBwmKM+X3QNy0RHHjzXlVCFHVB nRlnZVE01vy1IZg1IGLlubmqa575JqjZNdXfKnWruX6Vtzh4j15K7RVNwJjwL2GU p4KmxE0IAh+4LTygka80wGDJfKch5iqfd7JkoSUGRzgSsfd2yMR8noX8pRulxUcq gBh/xwh6CRCBBP2/+lNnt88D7NS1YS5z5JZ6EisDJWH7dQZkxlmJ68Dgym3CSJQ3 Uh44pafOzncVytaxO1j3vzRjcy8glWUae2muyp/MT1khGVbJSBu7GnJmyQIiZLY= =+S4G -----END PGP SIGNATURE-----