FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux General Discussion

 
 
LinkBack Thread Tools
 
Old 07-02-2012, 04:47 PM
Tom Gundersen
 
Default shadow upgrade 4.1.5.1-1. /pam configuration files

Leaving the old file in place should work. Also replacing it with the new
one should work. I guess you did something in between?
On Jul 2, 2012 5:27 PM, "Arno Gaboury" <arnaud.gaboury@gmail.com> wrote:

> Dear list,
>
> I messed up my box yesterday when upgrading shadow, and trying to
> understand and merge /etc/pam.d/login with login.pacnew.
>
> I thought it was worth adding the four lines of login.pacnew to my actual
> login file. But in this case, I found myself with a box login one user, me,
> on two Tty, asking for the password twice at the console login prompt, then
> when X started, all GUI apps were very long to diplay contents, and when I
> loged off/loged in, I could see I had two last login on Tty messages . So
> I reverted to my original /etc/pam.d/login. Now everything is OK, but I am
> wondering if this denial of taling into account the login.pacnew would
> leave my system unstable.
>
> TY for help and hints, as PAM and shadow are both quite obscure to me when
> it comes to configure.
> Below is my actual /ect/pam.d/login . Not sure it is well configured !
>
> #%PAM-1.0
>> #root is NOT allowed to login
>> auth required pam_securetty.so
>> #check user is allowed to login
>> auth requisite pam_nologin.so
>> #auth include system-local-login
>> #default aut settings
>> #auth include system-auth
>> auth required pam_unix.so shadow nullok
>> auth required pam_tally.so onerr=succeed
>> file=/var/log/faillog
>> # use this to lockout accounts for 10 minutes after 3 failed attempts
>> #auth required pam_tally.so deny=2 unlock_time=600
>> onerr=succeed file=/var/log/faillog
>> #account include system-local-login
>> # include the default account settings
>> #account include system-account
>> #check access for user
>> account required pam_access.so
>> account required pam_time.so
>> account required pam_unix.so
>> #password required pam_cracklib.so difok=2 minlen=8 dcredit=2
>> ocredit=2 retry=3
>> #password required pam_unix.so sha512 shadow use_authtok
>> #session include system-local-login
>> session required pam_unix.so
>> #set default environment for user
>> session required pam_env.so
>> session required pam_motd.so
>> session required pam_limits.so
>> session optional pam_mail.so dir=/var/spool/mail standard
>> session optional pam_lastlog.so
>> session optional pam_loginuid.so
>> -session optional pam_ck_connector.so nox11
>> -session optional pam_systemd.so
>>
>
>
 
Old 07-02-2012, 04:56 PM
Arno Gaboury
 
Default shadow upgrade 4.1.5.1-1. /pam configuration files

On 07/02/2012 06:47 PM, Tom Gundersen wrote:

Leaving the old file in place should work. Also replacing it with the new
one should work. I guess you did something in between?
On Jul 2, 2012 5:27 PM, "Arno Gaboury" <arnaud.gaboury@gmail.com> wrote:


Dear list,

I messed up my box yesterday when upgrading shadow, and trying to
understand and merge /etc/pam.d/login with login.pacnew.

I thought it was worth adding the four lines of login.pacnew to my actual
login file. But in this case, I found myself with a box login one user, me,
on two Tty, asking for the password twice at the console login prompt, then
when X started, all GUI apps were very long to diplay contents, and when I
loged off/loged in, I could see I had two last login on Tty messages . So
I reverted to my original /etc/pam.d/login. Now everything is OK, but I am
wondering if this denial of taling into account the login.pacnew would
leave my system unstable.

TY for help and hints, as PAM and shadow are both quite obscure to me when
it comes to configure.
Below is my actual /ect/pam.d/login . Not sure it is well configured !

#%PAM-1.0

#root is NOT allowed to login
auth required pam_securetty.so
#check user is allowed to login
auth requisite pam_nologin.so
#auth include system-local-login
#default aut settings
#auth include system-auth
auth required pam_unix.so shadow nullok
auth required pam_tally.so onerr=succeed
file=/var/log/faillog
# use this to lockout accounts for 10 minutes after 3 failed attempts
#auth required pam_tally.so deny=2 unlock_time=600
onerr=succeed file=/var/log/faillog
#account include system-local-login
# include the default account settings
#account include system-account
#check access for user
account required pam_access.so
account required pam_time.so
account required pam_unix.so
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2
ocredit=2 retry=3
#password required pam_unix.so sha512 shadow use_authtok
#session include system-local-login
session required pam_unix.so
#set default environment for user
session required pam_env.so
session required pam_motd.so
session required pam_limits.so
session optional pam_mail.so dir=/var/spool/mail standard
session optional pam_lastlog.so
session optional pam_loginuid.so
-session optional pam_ck_connector.so nox11
-session optional pam_systemd.so



I first tried to replace my login file by the *login.pacnew*. But result
was a mess. I then try to add the four lines to my file. Was a mess too,
as according to me it created a kind of double login (2 Tty), I don't
know why.

Now back to the original one.

The five lines from *login.pacnew* are these following ones:


auth required pam_securetty.so
auth requisite pam_nologin.so
auth include system-local-login
account include system-local-login
session include system-local-login
The first two ones were already on my system, and I kept away the ones
with *system-local-login*. BTW, I couldn't find any reference about
these 3 lines, even on *red-hat* and *LFS* , which present good
documentation about configuring *shadow *and *pam.d* folder.
 

Thread Tools




All times are GMT. The time now is 03:05 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org