On Fri, Nov 02, 2001 at 09:42:23AM -0500, Brian Clark wrote:
> If that is correct, then I'm also guessing I need to create a file
> called popa3d under /etc/pam.d with something like this?

Of course.

> auth required /lib/security/pam_unix.so
> auth required /lib/security/pam_unix.so shadow use_first_pass

You only need one instance of pam_unix for authentication and you only
need the use_first_pass if you stack another module such as pam_userpass
which is supposed to take the password out of the application.

> account required /lib/security/pam_unix.so
>
> If I'm using md5, does md5 need to be on any of those lines, or is
> that only for applications capable of changing a password?

It's for password changes only.

> Is it preferred to use AUTH_PAM_USERPASS over regular AUTH_PAM?

Yes, but if it's just for your personal use you don't have to bother.
The pam_userpass approach is more consistent, but it's also quite new
and not so well established. Andrew was going to make pam_userpass an
official Linux-PAM example of using the binary prompts, but for that
to happen some more work is needed.

> In your example for pam_userpass, I see:
>
> auth required /lib/security/pam_userpass.so
> auth required /lib/security/pam_pwdb.so shadow use_first_pass
> account required /lib/security/pam_pwdb.so
>
> But I don't have pam_pwdb on the system.

I'm quite sure that you do. But pam_pwdb really is obsolete, if your
system uses pam_unix by default then go ahead for that instead.

> (Sorry for all the stupid newbie questions; PAM is confusing -- even
> after having read the docs the best I could)

It got all kinds of complexities over the years.

-- 
/sd
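
The points made in the reply above, turned into a check over a /etc/pam.d service file. This is an added example, not part of the original message or of popa3d or Linux-PAM; the function name `lint_pam_service` and both sample stacks are constructed for illustration, and only the simple `type control module-path options` line form is assumed.

```python
import os

OBSOLETE = {"pam_pwdb.so"}  # called obsolete in the reply above

def lint_pam_service(text):
    """Return (line_no, message) findings for one /etc/pam.d service file.

    Assumes the simple "type control module-path [options]" line form
    used in the message; bracketed controls are not handled.
    """
    findings = []
    auth_seen = []  # auth modules met so far, in stack order
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) < 3:
            findings.append((no, "malformed line"))
            continue
        mtype, module, opts = fields[0], os.path.basename(fields[2]), fields[3:]
        if module in OBSOLETE:
            findings.append((no, f"{module} is obsolete, prefer pam_unix"))
        if "md5" in opts and mtype != "password":
            findings.append((no, "md5 only matters on password lines"))
        if mtype == "auth":
            if module in auth_seen:
                findings.append((no, f"duplicate auth module {module}"))
            if "use_first_pass" in opts and not auth_seen:
                findings.append((no, "use_first_pass but no earlier auth module"))
            auth_seen.append(module)
    return findings

# Constructed samples: the stack asked about, and the pam_userpass stack
# with pam_unix substituted for pam_pwdb as the reply suggests.
ASKED = """\
auth required /lib/security/pam_unix.so
auth required /lib/security/pam_unix.so shadow use_first_pass
account required /lib/security/pam_unix.so
"""
USERPASS = """\
auth required /lib/security/pam_userpass.so
auth required /lib/security/pam_unix.so shadow use_first_pass
account required /lib/security/pam_unix.so
"""

if __name__ == "__main__":
    for name, sample in (("asked", ASKED), ("userpass", USERPASS)):
        print(name, lint_pam_service(sample))
```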