new pam plugin with a suid wrapper

Description

PAM authentication in many cases only works if done by the root user or the user that is authenticating itself.

For example, to read /etc/shadow one has to be root. unix_chkpwd wrapper, created specifically to loosen this requirement, checks that user name matches the current UID. Google-authenticator PAM module reads the data from ~user/ home directory — again, can be only done as root or that user. And so on.

A solution to all these problems could be a small setuid wrapper that pam plugin invokes. Perhaps this wrapper should check that it is invoked as mysql user…

Assignee

Sergei Golubchik

Reporter

Sergei Golubchik

Labels

None

Components

Priority

Minor
Configure