PAM configuration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



To stem the tide of support requests from people who don't read the
INSTALL file when installing OpenSSH and then complain about password
auth failing. I am considering the idea of automagically installing a
PAM file into /etc/pam.d if it exists, PAM support is enabled and no 
such file already exists.

I have a couple of questions:

- How is PAM controlled on Solaris? Is there a pam.d directory or does
it just use pam.conf? Do we need to install a control file for OpenSSH?

- Does FreeBSD and other systems where PAM is a port or addon still 
use /etc/pam.d?

- Some PAM control files specifiy full paths to the modules, is this 
necessary?

- I want a "no-frills" control file which will work with the widest 
range of systems and still be secure. Would something like the following
work everywhere? I assume pam_unix is pretty standards, but how about 
pam_cracklib, pam_nologin and pam_limits? 

I don't really want to ship without pam_cracklib in for password
changes (since that is what most sites use as default). Can password 
changing be disabled using pam_deny?

#%PAM-1.0
auth       required     pam_unix.so shadow nodelay
auth       required     pam_nologin.so
account    required     pam_unix.so
password   required     pam_cracklib.so
password   required     pam_unix.so shadow md5 nullok use_authtok
session    required     pam_unix.so
session    required     pam_limits.so

-d

-- 
| ``We've all heard that a million monkeys banging on | Damien Miller -
| a million typewriters will eventually reproduce the | <djm@mindrot.org>
| works of Shakespeare. Now, thanks to the Internet, / 
| we know this is not true.'' - Robert Wilensky UCB / http://www.mindrot.org







[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux