Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 26 Aug 2006 05:38:09 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com
Subject: Re: Webmin on Owl (User Management)

On Sat, Aug 26, 2006 at 07:50:26AM +0700, Ihsan wrote:
> I have setup Webmin on Owl (recognize by Webmin as RHEL4). Everything working fine, but I have problem on changing user password where webmin user syncronize to unix password.
> 
> I did successfully login using PAM Authentication as unix (system) user,
> but when I change user password, new password goes to /etc/passwd not to
> /etc/tcb/user/shadow.

Well, it sounds like Webmin tries to update the password files on its
own, not making use of PAM, the shadow suite tools, or passwd(1).

> How to make webmin Owl-friendly

If the above guess is correct, then this will require modifications to
the source code of a Webmin module.  We're willing to look into this if
this work would be paid for.

> or to make Owl Webmin-friendly?

You can read the tcb_unconvert(8) man page - in particular, the tiny
section entitled "THE RETURN TO SHADOW" and the list of actions under
"MIGRATING TO TCB", which you will need to revert.  This is not great
for the security and ease of future upgrades of Owl on your machine, but
perhaps Webmin is bad enough from the security standpoint anyway.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ