On Fri, 9 Feb 2001, Chris Withers wrote:
Darrick,
Didn't you do something with PAM?
I made a rather *nasty* PAM hack out of etcUserFolder. Unfortunately, there are two small problems with it--1) either Zope has to be run as root so that libpam can parse /etc/shadow (nasty) or 2) /etc/shadow has to be group readable by the Zope process (somewhat less nasty but still nasty). Eventually I'll probably rewrite it to make calls to a setuid program. (Just as soon as I figure out how to write a program that verifies passwords without segfaulting). If anybody really *wants* to look at my pamUserFolder code and improve it, etc, I'll be happy to post it somewhere. Oh yeah--as of right now it is not 100% PAM--to get a list of users, it reads /etc/passwd. I agree, that's nasty and probably against the design philosophy of PAM, so if anybody knows how to ask PAM for a user list, I'd appreciate it very much. --Darrick Wong