[rhelv6-list] Pam config and ssh access

Prentice Bisbal prentice at ias.edu
Tue Mar 8 22:33:09 UTC 2011 

This is because RHEL6 now supports other mechanisms for authenticating 
besides passwords. If you do an 'ls /etc/pam.d/', you'll see there are 
now files for fingerprint-auth, and smartcard-auth, so you can use those 
mechanisms, too.

Presumably, this makes it more modular and easier to have certain 
services use different mechanisms

The original poster should leave the password-auth entry as-is, and then 
make whatever changes are necessary to the password-auth file. At least 
I think that's the recommended way of doing things now.

I just checked on my system, and password-auth and system-auth have the 
same contents, but are two separate files:

$ md5sum password-auth system-auth
0534aba4c658c75dc75f23f7524943ef  password-auth
0534aba4c658c75dc75f23f7524943ef  system-auth

$ ls -l password-auth system-auth
-rw-r--r--. 1 root root 1330 Mar  7 17:41 password-auth
-rw-r--r--. 1 root root 1330 Mar  7 17:43 system-auth

--
Prentice



On 03/08/2011 11:59 AM, Collins, Kevin [BEELINE] wrote:
> I don't know the exact reasoning, but RHEL6 seems to have introduced another "include" file. If you compare the entries between RHEL5 and RHEL6 you see:
>
> RHEL6.0:
>
> auth       include      password-auth
> account    include      password-auth
> password   include      password-auth
> session    include      password-auth
>
> RHEL5.5:
>
> auth       include      system-auth
> account    include      system-auth
> password   include      system-auth
> session    include      system-auth
>
> The content of password-auth is very similar to system-auth...
>
> Hope that helps!
>
> Kevin
>
> -----Original Message-----
> From: rhelv6-list-bounces at redhat.com [mailto:rhelv6-list-bounces at redhat.com] On Behalf Of Richard Smits
> Sent: Thursday, March 03, 2011 4:39 AM
> To: rhelv6-list at redhat.com
> Subject: [rhelv6-list] Pam config and ssh access
>
> Hello,
>
> We had an issue today what gave us some questions. I hope someone can
> explain this.
> We use Samba/Winbind for ssh access to a server. The required account is
> in our Active directory.
> Normal in Redhat v5 the file : /etc/pam.d/sshd contains the following line :
> ---
> auth       include      system-auth
> ---
> Now in version 6 we saw that this line was removed. We placed it back again.
> But can you please tell me why this line was not present anymore ? Is
> this a security risk ?
>
> Greetings .. Richard Smits
>
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list
>
> _______________________________________________
> rhelv6-list mailing list
> rhelv6-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv6-list
>

More information about the rhelv6-list mailing list