How to properly install PAM?

zappaboy zappaboy at gmail.com
Fri Nov 25 18:27:34 UTC 2005 

You need to configure the software once you build and install it.
You will need to recompile your shadow package to use pam
after you build pam and install pam.  Keep a bootable CD handy
that lets you mount your hard disk / in case you make some mistakes.

In /etc/security you should have:

access.conf group.conf limits.conf pam_env.conf time.conf

In /etc/pam.d you should have (ftp and sshd only if you
really have ftp and sshd and they are pam-aware):

chage     chsh      groupdel  newusers  shadow  useradd
chfn      ftp       groupmod  other     sshd    userdel
chpasswd  groupadd  login     passwd    su      usermod

The /etc/security files set policy for the entire pam system,
and the /etc/pam.d files configure the pam stack for each
application.  Every pam-aware program will need a file
in /etc/pam.d/ and normally the filename in /etc/pam.d is
the same as the program name, but not always (check
documentation with the program when you build it).

For my system, the /etc/pam.d/login file looks like this with
comments removed:

auth        required       pam_issue.so    issue=/etc/issue
auth        requisite      pam_securetty.so
auth        requisite      pam_nologin.so
auth        required       pam_env.so
auth        required       pam_unix.so
auth        required       pam_shells.so
account     required       pam_access.so
account     required       pam_unix.so
session     required       pam_motd.so
session     required       pam_limits.so
session     optional       pam_mail.so     dir=/var/spool/mail standard
session     optional       pam_lastlog.so
session     required       pam_unix.so
password required pam_unix.so md5 shadow

I use the /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow
files for my user and group maps.

Good luck!

JGH

On 11/23/05, Oleksiy V. Khilkevich <grim at asu.ntu-kpi.kiev.ua> wrote:
> Hi, there!
>
> I use a vanilla linux distribution (CRUX), which doesn't have PAM enabled
> by default.
> What do I need to do in order to properly install LinuxPAM?
> I need the /bin/login program to authentificate through PAM libs.
> I tried about two days to get it working - recompiling and trying
> different progs. It slill doesn't work. No even logs!
> I might missed something. What exactly?
> Is it enough to install a LinuxPAM over a non-pamed system and to get it
> working?
>
> Regards,
> Oleksiy V. Khilkevich

More information about the Pam-list mailing list