Checking if PAM is used by login
Tobias Schaefer
T.Schaefer at science-computing.de
Tue Jun 26 13:07:32 UTC 2007
Hi,
> I don't follow you. PAM is not a service but a library (with plugins in
> the form of shared objects - .so files). You don't simply disable PAM.
> Take the /bin/login program - it is used for login at the console. Try to
> run ldd /bin/login and see that this program is linked with libpam.so.
> Then check /etc/pam.d/login to see how login is using PAM.
on the other hand sshd could stop PAM authentication due to a
configuration change. The library would still be linked in, but its code
would no longer be executed. (The same could happen with apache and other
programs.)
You could configure a logging module into the PAM stack. Some 10 years ago
I wrote such a module to debug PAM problems. The module is still available
via http://www.rz.uni-hohenheim.de/~schaefer/linux/pam/index.html. But it
probably won't compile out of the box since it was only tested with Linux
distributions that have long since passed away.
Tobias
--
Tobias Schaefer Phone 07071-9457-406
science + computing ag FAX 07071-9457-411
Hagellocher Weg 73
D-72070 Tuebingen Email: T.Schaefer at science-computing.de
WWW: http://www.science-computing.de/
--
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Florian Geyer,
Dr. Roland Niemeier, Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Prof. Dr. Hanns Ruder
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196
More information about the Pam-list
mailing list