Article delegate-en/3054
[Reference:<_A3053@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: how to authenticate admins by other means than identd or ftp ?
12 Aug 2005 21:26:57 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project

In message <_A3053@delegate-en.ML_> on 08/12/05(20:00:02)
you Armin Wies <p44fqbdyi-mykgh4ytkstw.ml@delegate.org> wrote:
 |I included the patch, but somehow -pam does not work for me:
...
 |08/12 12:47:12.35 [5231] 1+3: [0.00,-1][AUTH cache-NONE] /var/spool/delegate-nobody/adm/authorizer/passwd.-.pam/1a109d2d88542b556d78fa819962960b-cache
 |08/12 12:47:12.54 [5231] 1+3: ## dgpam -a passwd dgadmin = HTTP/1.0 401^M
 |08/12 12:47:12.54 [5231] 1+3: ## Auth/PAM = -1 <dgadmin:****@-passwd.-.pam>
 |08/12 12:47:12.54 [5231] 1+3: AUTHORIZER=-pam host=[-pam] user=[dgadmin] -> NO

PAM authentication for a user other than the owner of the DeleGate process
requires the process to run with superuser ownership.  So one of the
following will solve the problem:

 - run the DeleGate with OWNER=dgadmin
 - run the DeleGate with OWNER=YourOwn and use YourOwn instead of "dgadmin"
 - install external dgpam with setuid flag on and owned by root user,
   doing "make install" in ./subin (recommended)
 - run the DeleGate with OWNER=root (not recommended)

I myself never execute DeleGate under root ownership.  With subin/dgpam
and the other helpers installed, DeleGate can do PAM, chroot() and bind(),
which require privilege, while running as a normal user.  For example, PAM
authentication works with subin/dgpam as follows:

08/13 06:03:09.81 [13097] 1+0: [0.00,105582][AUTH cache-EXPIRED: 105613 > 7] /home/me/delegate/adm/authorizer/passwd.-.pam/a90f8549157c6e1c874463fb66133b30-cache
08/13 06:03:09.82 [13097] 1+0: ## dgpam = /home/me/delegate/subin/dgpam
## pam_authenticate [passwd][root] = 0
08/13 06:03:10.04 [13097] 1+0: ## dgpam -a passwd root = HTTP/1.0 200^M
08/13 06:03:10.04 [13097] 1+0: ## Auth/PAM = 0 <root:****@-passwd.-.pam>
08/13 06:03:10.04 [13097] 1+0: ##[doAUTH] set ClientAuth [root@-pam]

Cheers,
Yutaka
--
  D G   Yutaka Sato <pfqcabdyi-mykgh4ytkstw.ml@delegate.org> http://delegate.org/y.sato/
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
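The message recommends installing subin/dgpam as a setuid-root helper instead of running DeleGate as root. The check below is an added example, not DeleGate's own code and not from the message: a POSIX sh function that verifies such a helper is installed the way a setuid-root binary must be (root-owned, setuid bit set, not writable by group or others, not sitting in a world-writable directory). The default path ./subin/dgpam is taken from the message; the function names and exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of DeleGate): sanity-check a setuid-root helper
# such as subin/dgpam after "make install" in ./subin.
#
# Return codes of check_setuid_helper (chosen for this example):
#   0 = looks sane            3 = not owned by root
#   1 = helper not found      4 = writable by group or others
#   2 = setuid bit not set    5 = containing directory is world-writable
check_setuid_helper() {
    helper=$1
    [ -f "$helper" ] || return 1
    # POSIX test -u: set-user-ID flag present on the file.
    [ -u "$helper" ] || return 2
    # Ownership must be root, otherwise PAM runs without the needed privilege
    # (and a non-root setuid helper escalates to the wrong identity anyway).
    [ -n "$(find "$helper" -user root 2>/dev/null)" ] || return 3
    # A setuid-root binary that group or others can overwrite is a local
    # root hole; refuse it.
    [ -z "$(find "$helper" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ] || return 4
    # The directory must not be world-writable either, or the helper can be
    # replaced by renaming around it.
    dir=$(dirname "$helper")
    [ -z "$(find "$dir" -prune -perm -002 2>/dev/null)" ] || return 5
    return 0
}

# Map a return code to a short human-readable reason.
describe_check() {
    case $1 in
        0) echo "ok" ;;
        1) echo "helper not found" ;;
        2) echo "setuid bit not set (chmod u+s as root)" ;;
        3) echo "helper is not owned by root (chown root as root)" ;;
        4) echo "helper is writable by group or others (chmod go-w)" ;;
        5) echo "containing directory is world-writable" ;;
        *) echo "unknown result $1" ;;
    esac
}

# Usage: path defaults to the one named in the message; assumption, adjust
# to your own install location.
target=${1:-./subin/dgpam}
rc=0
check_setuid_helper "$target" || rc=$?
if [ "$rc" -eq 0 ]; then
    echo "$target: $(describe_check "$rc")"
else
    echo "$target: $(describe_check "$rc")" >&2
fi
```

The checks are ordered from "cannot possibly work" (missing, no setuid bit, not root) to "works but is dangerous" (writable binary or directory), so the first failure reported is the one to fix first. Run it as the DeleGate owner user, not as root, since that is the identity that will be executing the helper.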
