Is there an easy way of configuring pam in linux?

ravee · 10-22-2005, 08:07 AM

Since you are on the topic of PAM, guys, is there an easy way of configuring pam in linux? In redhat, if you change any values in the /etc/pam.d/authconfig file, and run authconfig command, the changes get overwritten.

Any way to restrict that ?

I have tried using chattr and set the immutable bit which worked. But I am looking for a more elegant solution.

Thanks

ravee · 10-22-2005, 08:08 AM

Sorry,
I meant the /etc/pam.d/system-auth file . not the /etc/pam.d/authconfig file .

unSpawn · 10-22-2005, 08:50 AM

*Also next time use "edit post", then you don't need to post again just to correct yourself.

In redhat, if you change any values in the /etc/pam.d/authconfig file, and run authconfig command, the changes get overwritten.
Please be more specific: what changes?

There's two ways I can think of. I *always* keep config files in a versioning system. That way I can diff & patch if necessary. Isn't "elegant" though and it requires manual intervention. Second way *could be* to use inclusion in system-auth the same way it is used in other services. Say you want to handle passwds yourself and change the system-auth line to read

Code:

password    sufficient    pam_stack.so service=system-auth-password

Then fille new file /etc/pam.d/system-auth-password with this:

Code:

password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow

save and chattr it. Haven't tried it, but it sounds like it could work. If you have a go at it, please report back if it works.