[CalendarServer-users] PAM Authentication?

Cyrus Daboo cdaboo at apple.com
Fri Jan 11 17:27:38 PST 2008


Hi Chris,

--On January 11, 2008 5:04:43 PM -0600 Chris Cleeland 
<chris at milodesigns.com> wrote:

>> But to achieve this, the Calendar Server would have to be running as
>> root.  The caller of the PAM functions has to be root... I can't
>> think of an easy way around this.  Anyone else?
>
> Call out to another daemon that ONLY does the PAM function.  Let that
> other program be simple and highly secure, and let it run as root.

Right, that's the right approach.

Another option would be to support SASL and then configure PAM into SASL. 
The CMU SASL does have a saslauthd that runs separately and can do PAM, I 
believe. You may already be using SASL for other services such as SMTP, 
IMAP etc.

-- 
Cyrus Daboo
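
Added example, not part of the original message or of CalendarServer's code: an unprivileged Python client for the Unix-socket protocol of Cyrus SASL's `saslauthd`, the separate root helper mentioned above (started with `-a pam` to delegate to PAM). The socket path and the `caldav` service name are assumptions made for illustration.

```python
import socket
import struct

# Assumption: a common default socket path; it varies by distribution.
SASLAUTHD_MUX = "/var/run/saslauthd/mux"


def _field(value):
    """One counted string: 2-byte big-endian length, then the bytes."""
    data = value.encode("utf-8")
    if len(data) > 0xFFFF:
        raise ValueError("field too long for saslauthd framing")
    return struct.pack("!H", len(data)) + data


def build_request(user, password, service, realm=""):
    """Login, password, service and realm as four counted strings."""
    return b"".join(_field(f) for f in (user, password, service, realm))


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("helper closed the connection early")
        buf += chunk
    return buf


def read_reply(sock):
    """The reply is one counted string that starts with OK or NO."""
    (length,) = struct.unpack("!H", _recv_exact(sock, 2))
    return _recv_exact(sock, length)[:2] == b"OK"


def check_password(user, password, service="caldav", path=SASLAUTHD_MUX):
    """Ask the root helper; fail closed if it is unreachable or misbehaves."""
    # "caldav" is a hypothetical PAM service name for this example.
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(5)
            s.connect(path)
            s.sendall(build_request(user, password, service))
            return read_reply(s)
    except (OSError, ValueError):
        return False
```

Restrict the socket directory to the server's own account, since any local process that can connect to it can test passwords.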
