pam-mysql: password in world readable file?

hydraMax · 12-06-2011, 05:38 AM

I'm not yet a PAM guru (more like a wannabe n00b) but was looking into using pam-mysql in one situation. But something doesn't quite make sense to me: if I use pam-mysql in a PAM config file, then I must include the username and password for the authentication database in the module arguments, correct? But all these PAM files are world-readable, yes? Isn't this an insecure arrangement?

acid_kewpie · 12-07-2011, 04:48 PM

see the "crypt" option. http://pam-mysql.sourceforge.net/Doc...age-readme.php

Nope scratch that, that's the user password still... I really can't find anything about this. I guess you just need to craft a user with the exactly right privileges very carefully. Even saying that though, the module expects to be able to write data... From where I'm sitting, I'd say your concerns are totally justified.