On Mon, 28 Aug 2000, Matthew Copeland wrote:

> I am working with a pared down redhat installation, and I am
> attempting to get PAM working again, but I can't seem to find what I am
> missing. I currently have /etc/pam.d/ configured with the following.
>
> /etc/pam.d
> other
> system-auth
>
>
> /etc/pam.d/other
> auth required pam_unix_auth.so
> account required pam_unix_acct.so
> password required pam_unix_passwd.so
> session required pam_unix_session.so

For security reasons your pam.d/other should look like:

#%PAM-1.0
auth required /lib/security/pam_deny.so
account required /lib/security/pam_deny.so
password required /lib/security/pam_deny.so
session required /lib/security/pam_deny.so

system-auth is fine but probably isn't used by anything unless you are
using pam_stack...

> /etc/pam.d/system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth sufficient /lib/security/pam_unix.so likeauth nullok md5 shadow
> auth required /lib/security/pam_deny.so
> account sufficient /lib/security/pam_unix.so
> account required /lib/security/pam_deny.so
> password required /lib/security/pam_cracklib.so retry=3
> password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
> password required /lib/security/pam_deny.so
> session required /lib/security/pam_unix.so
>
>
> This will work fine, but as soon as I add passwd to /etc/pam.d with the
> contents below I can't get passwd to work. It gives me the error
> "passwd: User not known to the underlying authentication module". Most
> of the other PAM services die when I add their respective services also.

That's probably because you were using a misconfigured other file...

>
> /etc/pam.d/passwd
> #%PAM-1.0
> auth required pam_pwdb.so shadow nullok
> account required pam_pwdb.so
> password required pam_cracklib.so retry=3
> password required pam_pwdb.so use_authtok nullok md5 shadow
>
>
> I've copied all the files from /lib/security, /etc/security, and
> /lib/libpam* over to the new system. Any suggestions? If you need more
> information about something in particular, feel free to ask.

Copy the files from /etc/pam.d/login sshd ftp or whatever services you use
over to the new box. (or reinstall the rpm). Verify your passwd and shadow
files exist and are not corrupt.

>
> Matthew M. Copeland
> Software Engineer
> Honeywell
> matthew.copeland@honeywell.com
>
>
>
> _______________________________________________
>
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
>

----------------
Running on Linux 2.4
Michael A. Dietz
mad099@dietznet.net
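
Added example, not part of the original message or of Linux-PAM: a small Python check that parses a pam.d/other file and reports, for each of the four management groups, whether the fallback ends in pam_deny.so. It is run against the two `other` files quoted above. The function names and the choice to tolerate pam_warn.so are assumptions of this example.

```python
import posixpath

FACILITIES = ("auth", "account", "password", "session")
SAFE_MODULES = {"pam_deny.so", "pam_warn.so"}  # assumption: pam_warn.so only logs

# The two /etc/pam.d/other files quoted in the message above.
POSTED_OTHER = """\
auth required pam_unix_auth.so
account required pam_unix_acct.so
password required pam_unix_passwd.so
session required pam_unix_session.so
"""
RECOMMENDED_OTHER = """\
#%PAM-1.0
auth required /lib/security/pam_deny.so
account required /lib/security/pam_deny.so
password required /lib/security/pam_deny.so
session required /lib/security/pam_deny.so
"""

def parse_pam(text):
    """Yield (facility, control, module) for each rule in a pam.d service file."""
    for line in text.replace("\\\n", " ").splitlines():  # join continuation lines
        fields = line.split("#", 1)[0].split()           # drop comments
        if len(fields) < 3:
            continue
        if fields[1].startswith("["):                     # [value=action ...] control
            close = [i for i, f in enumerate(fields) if i >= 1 and f.endswith("]")]
            if not close or close[0] + 1 >= len(fields):
                continue
            control, module = " ".join(fields[1:close[0] + 1]), fields[close[0] + 1]
        else:
            control, module = fields[1], fields[2]
        yield fields[0].lstrip("-"), control, posixpath.basename(module)

def audit_other(text):
    """Return findings for a pam.d/other file; an empty list means it fails closed."""
    stacks = {f: [] for f in FACILITIES}
    for facility, control, module in parse_pam(text):
        if facility in stacks:
            stacks[facility].append((control, module))
    findings = []
    for facility, stack in stacks.items():
        if not any(m == "pam_deny.so" and c in ("required", "requisite") for c, m in stack):
            findings.append(f"{facility}: no required pam_deny.so, fallback does not fail closed")
        for control, module in stack:
            if module not in SAFE_MODULES:
                findings.append(f"{facility}: {module} ({control}) applies to services with no file of their own")
    return findings
```

`audit_other(RECOMMENDED_OTHER)` returns an empty list, while `audit_other(POSTED_OTHER)` returns two findings per management group.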