LinuxQuestions.org - Is there an easy way of configuring pam in linux?

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Is there an easy way of configuring pam in linux? (https://www.linuxquestions.org/questions/linux-security-4/is-there-an-easy-way-of-configuring-pam-in-linux-375738/)

Since you are on the topic of PAM, guys, is there an easy way of configuring pam in linux? In redhat, if you change any values in the /etc/pam.d/authconfig file, and run authconfig command, the changes get overwritten.

Any way to restrict that ?

I have tried using chattr and set the immutable bit which worked. But I am looking for a more elegant solution.

Thanks

Sorry,
I meant the /etc/pam.d/system-auth file . not the /etc/pam.d/authconfig file .

*Also next time use "edit post", then you don't need to post again just to correct yourself.

In redhat, if you change any values in the /etc/pam.d/authconfig file, and run authconfig command, the changes get overwritten.
Please be more specific: what changes?

There's two ways I can think of. I *always* keep config files in a versioning system. That way I can diff & patch if necessary. Isn't "elegant" though and it requires manual intervention. Second way *could be* to use inclusion in system-auth the same way it is used in other services. Say you want to handle passwds yourself and change the system-auth line to read

Code:

password sufficient pam_stack.so service=system-auth-password

Then fille new file /etc/pam.d/system-auth-password with this:

Code:

password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow

save and chattr it. Haven't tried it, but it sounds like it could work. If you have a go at it, please report back if it works.