Re: what is up with /etc/pam.d?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, 24 Jun 2012 07:14:03 -0400, Tom Horsley wrote:

> I've never looked at or modified any files in /etc/pam.d
> till I happened to notice some *.rpmnew files in there.
> 
> Now I see a bunch of files that are symlinks to
> other files with -ac on the end, but also have
> versions that are *.rpmnew.
> 
> rpm queries show that the pam rpm owns the
> files without the -ac and the authconfig rpm
> owns the ones with the -ac suffix.
> 
> So now, what should really be in /etc/pam.d?
> 
> [root@zooty pam.d]# pwd
> /etc/pam.d
> [root@zooty pam.d]# ls -l smartcard-auth*
> lrwxrwxrwx. 1 root root  17 May 31 17:02 smartcard-auth -> smartcard-auth-ac
> -rw-r--r--. 1 root root 754 May 31 17:25 smartcard-auth-ac
> -rw-r--r--  1 root root 743 May  9 05:21 smartcard-auth.rpmnew
> [root@zooty pam.d]# rpm -q -f /etc/pam.d/smartcard-auth              
> pam-1.1.5-6.fc17.x86_64
> [root@zooty pam.d]# rpm -q -f /etc/pam.d/smartcard-auth-ac           
> authconfig-6.2.1-1.fc17.x86_64

A side-effect of "pam" package updates recognizing the symlinks
as modified config files and therefore refusing to replace them.

# rpmls pam|grep -e etc/p
drwxr-xr-x  /etc/pam.d
-rw-r--r--  /etc/pam.d/config-util
-rw-r--r--  /etc/pam.d/fingerprint-auth
-rw-r--r--  /etc/pam.d/other
-rw-r--r--  /etc/pam.d/password-auth
-rw-r--r--  /etc/pam.d/postlogin
-rw-r--r--  /etc/pam.d/smartcard-auth
-rw-r--r--  /etc/pam.d/system-auth

"pam" contains the files, not the symlinks.

# diff -u smartcard-auth-ac smartcard-auth.rpmnew|grep -v '^[ ]'
--- smartcard-auth-ac	2012-04-13 13:25:00.949090013 +0200
+++ smartcard-auth.rpmnew	2012-05-09 11:21:13.000000000 +0200
@@ -2,15 +2,15 @@
-auth        [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card card_only
+auth        [success=done ignore=ignore default=die] pam_pkcs11.so wait_for_card
-account     sufficient    pam_succeed_if.so uid < 1000 quiet
+account     sufficient    pam_succeed_if.so uid < 500 quiet
-password    required      pam_pkcs11.so
+password    optional      pam_pkcs11.so

The UID in the .rpmnew file would be incorrect for Fedora >= 16.

The -ac files from authconfig are those which to use by symlinking them.

-- 
Fedora release 17 (Beefy Miracle) - Linux 3.4.3-1.fc17.x86_64
loadavg: 0.89 0.37 0.17
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux