"Michael A. Dietz" wrote: > > On Mon, 28 Aug 2000, Matthew Copeland wrote: > > > I am working with a pared down redhat installation, and I am > > attempting to get PAM working again, but I can't seem to find what I am > > missing. I currently have /etc/pam.d/ configured with the following. > > > > /etc/pam.d > > other > > system-auth > > > > > > /etc/pam.d/other > > auth required pam_unix_auth.so > > account required pam_unix_acct.so > > password required pam_unix_passwd.so > > session required pam_unix_session.so > For security reasons your pam.d/other should look like: > #%PAM-1.0 > auth required /lib/security/pam_deny.so > account required /lib/security/pam_deny.so > password required /lib/security/pam_deny.so > session required /lib/security/pam_deny.so > > system-auth is fine but probably isn't used by anything unless you are > using pam_stack... > > > /etc/pam.d/system-auth > > #%PAM-1.0 > > # This file is auto-generated. > > # User changes will be destroyed the next time authconfig is run. > > auth sufficient /lib/security/pam_unix.so likeauth nullok md5 > > shadow > > auth required /lib/security/pam_deny.so > > account sufficient /lib/security/pam_unix.so > > account required /lib/security/pam_deny.so > > password required /lib/security/pam_cracklib.so retry=3 > > password sufficient /lib/security/pam_unix.so nullok use_authtok > > md5 shadow > > password required /lib/security/pam_deny.so > > session required /lib/security/pam_unix.so > > > > > > This will work fine, but as soon as I add passwd to /etc/pam.d with the > > contents below I can't get passwd to work. It gives me the error > > "passwd: User not known to the underlying authentication module". Most > > of the other PAM services die when I add there respective services also. > > That's probably because you were using a misconfigured other file... > > > > > /etc/pam.d/passwd > > #%PAM-1.0 > > auth required pam_pwdb.so shadow nullok > > account required pam_pwdb.so > > password required pam_cracklib.so retry=3 > > password required pam_pwdb.so use_authtok nullok md5 shadow > > > > > > I've copied all the files from /lib/security, /etc/security, and > > /lib/libpam* over to the new system. Any suggestions? If you need more > > information about something in particular, feel free to ask. > > Copy the files from /etc/pam.d/login sshd ftp or whatever services you use > over to the new box. (or reinstall the rpm). Verify your passwd and > shadow files exist and are not corrupt. Actually, this is exactly what I did. All the files orginally come from a stock /etc/pam.d/ redhat 6.2 install. I used the other file /etc/pam.d/other for the other file when I was trying to get it working early on without any luck ever getting it working that way. I changed it so that I could at least see if I could get it working without that, which it will. I went ahead and changed the other file to what you had just to make sure, but unfortunatly, that doesn't fix the problem. Any other ideas? Matthew M. Copeland
