The configuration manual tells me to just compile gitea with PAM and give it access to /etc/shadow.
I thought PAM was supposed to be the solution that services don’t have access to sensitive files? Sadly I also could not get it to work with a file in /etc/pam.d/gitea and the standard authentication includes:
@include common-account @include common-session @include common-auth
What do I have to do to be able to auth with pam without giving Gitea access to /etc/shadow?
Gitea apparently uses https://github.com/msteinert/pam – but apparently this is just a wrapper around the C bindings for PAM? Why doesn’t this work then?
These are the errors I get in /var/log/auth.log:
Feb 14 16:03:31 unix_chkpwd: check pass; user unknown Feb 14 16:03:31 unix_chkpwd: password check failed for user (helix) Feb 14 16:03:31 gitea: pam_unix(gitea:auth): authentication failure; logname= uid=120 euid=120 tty= ruser= rhost= user=helix
Thank you for your assistance in advance