Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does PAM modules really require root? #90

Open
JensRantil opened this issue Mar 14, 2016 · 2 comments
Open

Does PAM modules really require root? #90

JensRantil opened this issue Mar 14, 2016 · 2 comments

Comments

@JensRantil
Copy link

These two pages claim that root user privileges is required to authenticate against PAM:

Are you really sure this is required? AFAIK, the process must have read access to:

  1. The Yubikey mapping file.
  2. /etc/shadow for unix authentication. On Ubuntu this involves assigning the shadow group to the process's user.

I just provisioned a non-root process (not FreeRadius) to authenticate with Yubikey and it worked fine as long as I fixed the above privileges.
@klali
Copy link
Member

klali commented Mar 15, 2016

This documentation is quite old and might have errors.
If you've gone through this recently we'd be very happy to merge pull requests making the documentation better (the pages at developers.yubico.com are autogenerated from the doc folder of this repo).

@JensRantil
Copy link
Author

Unfortunately, I am rather busy with other things. At least now you know that the documents aren't following best-practises when it comes to FreeRadius configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@klali @JensRantil