are there any newbie guides to PAM administration?

[Nick Owen]

On Dec 11, 2007 10:32 AM, Dan Gahlinger <dgahling at hotmail.com> wrote:
>
>  I've googled as much as I can, read what I can find,
> even read snippets of Oreilly books that have some information covering PAM,
>
> but so far, I have yet to find any really good documentation on where a
> sysadmin can start understanding PAM.
>
> The basics are all there, but I can't find anything on adding or changing
> authentication methods.
>
> Like say you want to add Radius authentication to the system, so local users
> can login via radius.
> just as an example.
>
> there is no documentation on how to do this, and radius docs don't help
> much.
>
> there are some examples from an old version of RedHat about changing the
> /etc/pam.conf but that is obsolete.
>
> None of the examples work, putting the appropriate configurations in
> /etc/pam.d/login or sshd etc
>
> either does nothing, or locks me out.
>
> the examples seem to be in a different format than pam now accepts.
>
> are there any really good resources, or why hasn't there been a PAM book by
> OReilly

I can't say if they are good or not, but we're written a bunch of
how-tos that use pam_radius et al to add two-factor authentication to
various linux services, such as ssh, apache, webmail, webdav, etc:

http://www.wikidsystems.com/documentation/howtos/how-to-secure-ssh-with-wikid-two-factor-authentication/
http://www.wikidsystems.com/documentation/howtos/pamradius/

While we haven't done login, these should translate.  It sounds like
your /etc/login is not configured correctly, which can be very os
specific.  What seems to help me is to run a 'tail -f /var/log/secure'
while logging in to see what problems are occurring.

hth,

nick
-- 
-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication