
Re: PAM-warn; [remote: ?nobody@?nowhere]



On Fri, Nov 02, 2001 at 09:42:23AM -0500, Brian Clark wrote:
> If that is correct, then I'm also guessing I need to create a file
> called popa3d under /etc/pam.d with something like this?

Of course.

> auth       required     /lib/security/pam_unix.so
> auth       required     /lib/security/pam_unix.so shadow use_first_pass

You only need one instance of pam_unix for authentication and you only
need the use_first_pass if you stack another module such as pam_userpass
which is supposed to take the password out of the application.

> account    required     /lib/security/pam_unix.so
> 
> If I'm using md5, does md5 need to be on any of those lines, or is
> that only for applications capable of changing a password?

It's for password changes only.

> Is it preferred to use AUTH_PAM_USERPASS over regular AUTH_PAM?

Yes, but if it's just for your personal use you don't have to bother.

The pam_userpass approach is more consistent, but it's also quite new
and not so well established.  Andrew was going to make pam_userpass an
official Linux-PAM example of using the binary prompts, but for that
to happen some more work is needed.

> In your example for pam_userpass, I see:
> 
> auth       required     /lib/security/pam_userpass.so
> auth       required     /lib/security/pam_pwdb.so shadow use_first_pass
> account    required     /lib/security/pam_pwdb.so
> 
> But I don't have pam_pwdb on the system.

I'm quite sure that you do.  But pam_pwdb really is obsolete; if your
system uses pam_unix by default, then go ahead with that instead.

> (Sorry for all the stupid newbie questions; PAM is confusing -- even
> after having read the docs the best I could)

It got all kinds of complexities over the years.

-- 
/sd
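
Added example, not part of the original message and not code from popa3d or Linux-PAM: a small Python lint that checks a /etc/pam.d service file against the three points made in the reply above (one pam_unix auth instance is enough, use_first_pass needs an earlier stacked module, md5 matters only for password changes). The function name and finding strings are made up for this illustration; the first sample is the configuration quoted in the message, the other two are constructed.

```python
import re

# type, control (plain word or [bracketed]), module path, optional arguments
LINE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def lint_pam_service(text):
    """Return (line_no, finding) tuples for one /etc/pam.d service file."""
    findings, auth_seen = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue  # blank, comment, or a line this sketch does not parse
        mtype = m.group(1).lstrip("-")
        name = re.sub(r"\.so$", "", m.group(3).rsplit("/", 1)[-1])
        args = m.group(4).split()
        if mtype == "auth":
            if name in auth_seen:
                findings.append((no, f"duplicate auth instance of {name}"))
            if "use_first_pass" in args and not auth_seen:
                findings.append((no, "use_first_pass with no earlier auth module"))
            auth_seen.append(name)
        if "md5" in args and mtype != "password":
            findings.append((no, "md5 only affects password changes"))
    return findings

# Configuration proposed in the quoted question.
PROPOSED = """\
auth       required     /lib/security/pam_unix.so
auth       required     /lib/security/pam_unix.so shadow use_first_pass
account    required     /lib/security/pam_unix.so
"""

# Constructed: pam_userpass stacked in front of pam_unix, as the reply describes.
STACKED = """\
auth       required     /lib/security/pam_userpass.so
auth       required     /lib/security/pam_unix.so shadow use_first_pass
account    required     /lib/security/pam_unix.so
"""

# Constructed: a lone pam_unix line carrying both unneeded options.
LONE = "auth required /lib/security/pam_unix.so shadow md5 use_first_pass\n"

if __name__ == "__main__":
    for label, conf in (("proposed", PROPOSED), ("stacked", STACKED), ("lone", LONE)):
        print(label, lint_pam_service(conf))
```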




