How to properly install PAM?
zappaboy
zappaboy at gmail.com
Fri Nov 25 18:27:34 UTC 2005
You need to configure the software once you build and install it.
You will need to recompile your shadow package to use pam
after you build pam and install pam. Keep a bootable CD handy
that lets you mount your hard disk / in case you make some mistakes.
In /etc/security you should have:
access.conf group.conf limits.conf pam_env.conf time.conf
In /etc/pam.d you should have (ftp and sshd only if you
really have ftp and sshd and they are pam-aware):
chage chsh groupdel newusers shadow useradd
chfn ftp groupmod other sshd userdel
chpasswd groupadd login passwd su usermod
The /etc/security files set policy for the entire pam system,
and the /etc/pam.d files configure the pam stack for each
application. Every pam-aware program will need a file
in /etc/pam.d/ and normally the filename in /etc/pam.d is
the same as the program name, but not always (check
documentation with the program when you build it).
For my system, the /etc/pam.d/login file looks like this with
comments removed:
auth required pam_issue.so issue=/etc/issue
auth requisite pam_securetty.so
auth requisite pam_nologin.so
auth required pam_env.so
auth required pam_unix.so
auth required pam_shells.so
account required pam_access.so
account required pam_unix.so
session required pam_motd.so
session required pam_limits.so
session optional pam_mail.so dir=/var/spool/mail standard
session optional pam_lastlog.so
session required pam_unix.so
password required pam_unix.so md5 shadow
I use the /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow
files for my user and group maps.
Good luck!
JGH
On 11/23/05, Oleksiy V. Khilkevich <grim at asu.ntu-kpi.kiev.ua> wrote:
> Hi, there!
>
> I use a vanilla linux distribution (CRUX), which doesn't have PAM enabled
> by default.
> What do I need to do in order to properly install LinuxPAM?
> I need the /bin/login program to authentificate through PAM libs.
> I tried about two days to get it working - recompiling and trying
> different progs. It slill doesn't work. No even logs!
> I might missed something. What exactly?
> Is it enough to install a LinuxPAM over a non-pamed system and to get it
> working?
>
> Regards,
> Oleksiy V. Khilkevich
More information about the Pam-list
mailing list