unable to login

Mike Beattie mike.beattie at otago.ac.nz
Wed Jul 7 15:45:22 EDT 2004

On Wed, Jul 07, 2004 at 10:47:39AM -0700, Wil Cooley wrote:
> No, saslauthd runs as root--it's role is to provide authentication
> services, often for PAM or shadow authentication, which requires root
> access.  It's a much better solution than creating a 'shadow' group and
> making /etc/shadow readable by it and putting cyrus into that group.

And I hate to point out, but then, if a malicious user manages to find a
flaw in cyrus they could hypothetically use that flaw to get a copy of
/etc/shadow. (If I'm mistaken, *please* correct me)

Only the second worst thing after actually getting a root shell, IMO.

Mike Beattie  <mike.beattie at otago.ac.nz>     UNIX Systems Engineer, ITS
Ph: +64 3 479 8597       Fax: +64 3 479 5080      Cell: +64 27 44 80386
* Opinions expressed are my own, not those of the University of Otago *
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list