LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-22-2005, 08:07 AM   #1
ravee
Member
 
Registered: Jan 2005
Location: India
Distribution: Fedora Core 2
Posts: 83

Rep: Reputation: 15

Since you are on the topic of PAM, guys, is there an easy way of configuring pam in linux? In redhat, if you change any values in the /etc/pam.d/authconfig file, and run authconfig command, the changes get overwritten.

Any way to restrict that ?

I have tried using chattr and set the immutable bit which worked. But I am looking for a more elegant solution.

Thanks

Last edited by unSpawn; 10-22-2005 at 08:37 AM.
 
Old 10-22-2005, 08:08 AM   #2
ravee
Member
 
Registered: Jan 2005
Location: India
Distribution: Fedora Core 2
Posts: 83

Original Poster
Rep: Reputation: 15
Sorry,
I meant the /etc/pam.d/system-auth file . not the /etc/pam.d/authconfig file .
 
Old 10-22-2005, 08:50 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,017
Blog Entries: 54

Rep: Reputation: 2764Reputation: 2764Reputation: 2764Reputation: 2764Reputation: 2764Reputation: 2764Reputation: 2764Reputation: 2764Reputation: 2764Reputation: 2764Reputation: 2764
*Also next time use "edit post", then you don't need to post again just to correct yourself.

In redhat, if you change any values in the /etc/pam.d/authconfig file, and run authconfig command, the changes get overwritten.
Please be more specific: what changes?

There's two ways I can think of. I *always* keep config files in a versioning system. That way I can diff & patch if necessary. Isn't "elegant" though and it requires manual intervention. Second way *could be* to use inclusion in system-auth the same way it is used in other services. Say you want to handle passwds yourself and change the system-auth line to read
Code:
password    sufficient    pam_stack.so service=system-auth-password
Then fille new file /etc/pam.d/system-auth-password with this:
Code:
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
save and chattr it. Haven't tried it, but it sounds like it could work. If you have a go at it, please report back if it works.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
A question on installing Linux-PAM-0.80 satimis Linux From Scratch 2 08-24-2005 08:49 AM
vsftpd + pam + virtual users - Pam cannot load database file. mdkelly069 Linux - Networking 3 09-22-2004 11:07 PM
configuring pam digsby0007 Linux - Software 0 08-11-2004 01:04 PM
Using PAM with FreeBSD? New Linux user please help!! urBan_dK *BSD 7 07-22-2004 01:09 PM
Configuring /etc/pam.d/passwd module plexus Linux - Security 2 05-25-2004 07:55 PM


All times are GMT -5. The time now is 11:40 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration