Hi guys,
The configuration manual tells me to just compile gitea with PAM and give it access to /etc/shadow.
https://docs.gitea.io/en-us/authentication/#pam-pluggable-authentication-module
I thought PAM was supposed to be the solution that services don’t have access to sensitive files? Sadly I also could not get it to work with a file in /etc/pam.d/gitea and the standard authentication includes:
@include common-account
@include common-session
@include common-auth
What do I have to do to be able to auth with pam without giving Gitea access to /etc/shadow?
Gitea apparently uses https://github.com/msteinert/pam – but apparently this is just a wrapper around the C bindings for PAM? Why doesn’t this work then?
These are the errors I get in /var/log/auth.log:
Feb 14 16:03:31 unix_chkpwd[13957]: check pass; user unknown
Feb 14 16:03:31 unix_chkpwd[13957]: password check failed for user (helix)
Feb 14 16:03:31 gitea: pam_unix(gitea:auth): authentication failure; logname= uid=120 euid=120 tty= ruser= rhost= user=helix
Thank you for your assistance in advance