Mark Jones wrote:
Was there any particular reason to remove the ability to specify what passwd and shadow file to use with the unix module?
It didn't work on some systems, and it duplicated the functionality of the "passwd" module.
Unless I misunderstand. the unix module can me used in the authenticate section where the passwd module can only be used in the authorize section.
Exactly. The "passwd" module is essentially a simple database. Databases don't do authentication. You're probably forcing Auth-Type to each of the individual unix modules in 1.1.x. In 2.x, you don't need to do this. Just list the various "passwd" modules in the "authorize" section, and be sure that the "pap" module is listed last. Then, the server will figure it out. You can even do that in 1.1.4 or later. Just ensure that "pap" is listed last in "authorize", that it's also in "authenticate". Then, delete of the places where you set Auth-Type to the various unix modules. And in 2.x, the "authenticate" method has been removed from the "unix" module. So don't use "unix" for authentication. Use pap. Alan DeKok.