[strongSwan] xauth-pam with unprivileged user

Claude Tompers claude.tompers at restena.lu
Wed Jan 16 16:08:15 CET 2013


Hello,

I'm using the xauth-pam module and strongswan runs as unprivileged user
'vpn'.
This failed.
Doing an strace, I found that charon is not permitted to read
/etc/shadow, even when adding user 'vpn' to the group 'shadow' which is
allowed to read the file.

After a little digging, I found that strongswan only looks up the "main
group" of user 'vpn', which in my case is the group 'vpn', but not the
other groups.

Together with a colleague, we wrote a small patch which fixed the issue
for us. I don't know if this is your preferred way of addressing this
issue. I attached it to this mail.

Kind regards,
Claude

-- 
Claude Tompers
Ingénieur réseau et système
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

-------------- next part --------------
A non-text attachment was scrubbed...
Name: unprivileged-pam.patch
Type: text/x-patch
Size: 1203 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130116/9f03766e/attachment.bin>
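
The behaviour described in the message above, as an added example (this is not the attached patch and not strongSwan code): a daemon started as root that drops to an unprivileged user only gains that user's supplementary groups, such as 'shadow', if it calls initgroups() before setgid() and setuid(). The helper names and the command-line usage are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if gid is this process's effective gid or one of its
 * supplementary groups, 0 if it is not, -1 if the list cannot be read. */
int process_has_group(gid_t gid)
{
    gid_t groups[1024];          /* fixed size; larger lists yield -1 */
    int n;

    if (gid == getegid())
        return 1;
    n = getgroups(1024, groups);
    if (n < 0)
        return -1;
    for (int i = 0; i < n; i++)
        if (groups[i] == gid)
            return 1;
    return 0;
}

/* Hypothetical helper: drop from root to `user`. initgroups() loads every
 * group the user is listed in; setgid() alone sets only the primary group.
 * Order matters: supplementary groups, then gid, then uid. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);

    if (!pw || initgroups(pw->pw_name, pw->pw_gid) != 0)
        return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Usage, as root: ./drop <user> <group>, e.g. ./drop vpn shadow */
    struct group *gr = argc == 3 ? getgrnam(argv[2]) : NULL;
    gid_t want = gr ? gr->gr_gid : 0;   /* copy before later lookups */

    if (!gr || drop_privileges(argv[1]) != 0) {
        fprintf(stderr, "usage (as root): %s <user> <group>\n", argv[0]);
        return 1;
    }
    printf("group %s after drop: %s\n", argv[2],
           process_has_group(want) == 1 ? "present" : "MISSING");
    return 0;
}
```

For an already running daemon, the `Groups:` line in `/proc/<pid>/status` shows the same supplementary group list without restarting it.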