LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   is PAM replacing Shadow (https://www.linuxquestions.org/questions/slackware-14/is-pam-replacing-shadow-4175675795/)

dalacor 05-24-2020 05:03 AM
is PAM replacing Shadow
 
I was trialing out creating a minimal install of Slackware this weekend and unfortunate timing of Pam release in latest updates resulted in a situation where when I upgraded Slackware for the first time, I could not login again.

I have fixed all that by installing the necessary packages. So that is sorted.

But it got me wondering exactly what PAM will do in future as I don't need active directory authentication, kerberor or linking up with any other system which I believe is what PAM is about. I just use Slackware as an Internet Filtering Proxy server for the one build and as a firewall for the other build.

So all I have is Slackware installed without X windows (so no x, xap, tcl, y packages) and I mostly login via putty or connect via hypver-v on host machine for the Slackware installs that I have running in a VM. One of my future jobs is to setup putty to use certificates to login instead of typing in the password.

At the moment, PAM does not seem to affect anything, but I don't know whether my putty login, certificates and the way I create user accounts will need to change in future to use PAM - or will shadow just take advantage of PAM functionality and we just continue to use Shadow?

Alien Bob 05-24-2020 05:18 AM
Shadow is still being used, no worries. Pam is just a connector through to the regular shadow authentication. Your account and your password are still managed in /etc/passwd /etc/group and /etc/shadow .
Actually the shadow package adds a lot of files to /etc/pam.d/ .

dalacor 05-24-2020 05:40 AM
That's good to know. I had a feeling this was the case. As you say, PAM is more about adding modular functionality to the existing system. However, I wonder if it makes sense to require the latest version of Shadow to need the Pam dependencies - if you are not using PAM for anything! Like other people I was caught off guard missing the libtirpc library that I did not have installed.

GazL 05-24-2020 05:51 AM
Quote:
Originally Posted by dalacor (Post 6126600)
I wonder if it makes sense to require the latest version of Shadow to need the Pam dependencies
Unfortunately, that's not the way shadow is written. Instead of the PAM modules being in addition to the existing functionality, they replace it. Nothing we can do about that.

dalacor 05-24-2020 06:43 AM
I suppose it makes sense to make it integrated instead of an addon - it always works better if it is built into the package, rather than being a plugin as it were.

elcore 05-24-2020 11:21 PM
Quote:
Originally Posted by dalacor (Post 6126626)
I suppose it makes sense to make it integrated instead of an addon - it always works better if it is built into the package, rather than being a plugin as it were.
Yes of course, that is why nouveau is built-in to kernel and not built as a module. (IIRC it's always been a module for a good reason)
Seriously, how exactly does software with forced feature work better than software with optional feature?


All times are GMT -5. The time now is 05:56 PM.