LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 11-05-2005, 01:23 PM   #1
darkarcon2015
Member
 
Registered: Jun 2004
Location: Potsdam, NY
Distribution: Fedora Core 6
Posts: 201

Rep: Reputation: 30
PAM and Slackware 10.2


I have been trying to install PAM in Slackware 10.2 and ran into some trouble. I installed Linux-PAM-0.8.1, libselinux-1.26, shadow-4.0.13, and util-linux-2.12r. These have all be installed from source. I followed the instructions on this website: http://linio.boo.pl/eng/slackpam.html and used that config. When I open a virtual terminal and `su', I get the following message:
Code:
su: Authentication failure
configuration error - unknown item 'DIALUPS_CHECK_ENAB' (notify administrator)
configuration error - unknown item 'FAILLOG_ENAB' (notify administrator)
configuration error - unknown item 'LASTLOG_ENAB' (notify administrator)
configuration error - unknown item 'MAIL_CHECK_ENAB' (notify administrator)
configuration error - unknown item 'OBSCURE_CHECKS_ENAB' (notify administrator)
configuration error - unknown item 'PORTTIME_CHECKS_ENAB' (notify administrator)
configuration error - unknown item 'QUOTAS_ENAB' (notify administrator)
configuration error - unknown item 'MOTD_FILE' (notify administrator)
configuration error - unknown item 'FTMP_FILE' (notify administrator)
configuration error - unknown item 'NOLOGINS_FILE' (notify administrator)
configuration error - unknown item 'NOLOGIN_STR' (notify administrator)
configuration error - unknown item 'ENV_HZ' (notify administrator)
configuration error - unknown item 'PASS_MIN_LEN' (notify administrator)
configuration error - unknown item 'SU_WHEEL_ONLY' (notify administrator)
configuration error - unknown item 'PASS_CHANGE_TRIES' (notify administrator)
configuration error - unknown item 'PASS_ALWAYS_WARN' (notify administrator)
configuration error - unknown item 'CHFN_AUTH' (notify administrator)
configuration error - unknown item 'MD5_CRYPT_ENAB' (notify administrator)
configuration error - unknown item 'ENVIRON_FILE' (notify administrator)
Sorry.
Thanks for any help.
 
Old 11-06-2005, 06:18 AM   #2
Franklin
Senior Member
 
Registered: Oct 2002
Distribution: Slackware, Windows 7
Posts: 1,258

Rep: Reputation: 62
I googled one of the errors and found this:

http://lists.pld.org.pl/mailman/pipe...il/000097.html

This seems like it might point you in the right direction.

HTH
 
Old 11-06-2005, 07:53 AM   #3
Thanotos
Member
 
Registered: Oct 2005
Location: Nanaimo, BC. ~CANADA~
Posts: 70

Rep: Reputation: 15
Just getting into Slack, but was doing some reading and came across this.

It may be a good read for you.


Slackware guide for AMP Apache MySQL and PHP

http://www.linuxquestions.org/questi...icle&artid=456
Posted by: xushi on 04-16-2005.
 
Old 11-08-2005, 05:28 PM   #4
darkarcon2015
Member
 
Registered: Jun 2004
Location: Potsdam, NY
Distribution: Fedora Core 6
Posts: 201

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by Thanotos
Just getting into Slack, but was doing some reading and came across this.

It may be a good read for you.


Slackware guide for AMP Apache MySQL and PHP

http://www.linuxquestions.org/questi...icle&artid=456
Posted by: xushi on 04-16-2005.
Unfortunately, I don't see the relevance between AMP (Apache, MySQL, PHP) and PAM (Pluggable Authentication Modules)...

To the first reply, thanks for the information. But, I don't seem to have a login.defs file...

Also: if Slackware doesn't use PAM to authenticate, what does it use?

Last edited by darkarcon2015; 11-08-2005 at 05:45 PM.
 
Old 11-08-2005, 06:10 PM   #5
Franklin
Senior Member
 
Registered: Oct 2002
Distribution: Slackware, Windows 7
Posts: 1,258

Rep: Reputation: 62
Quote:
Also: if Slackware doesn't use PAM to authenticate, what does it use?
What I took away from the link was that slack uses shadow, so when you use PAM you need to disable the options in your /etc/login.defs file.

Mine looks like this:
Code:
#
# /etc/login.defs - Configuration control definitions for the login package.
#
#	$Id: login.defs.linux,v 1.12 2000/08/26 18:27:10 marekm Exp $
#
# Three items must be defined:  MAIL_DIR, ENV_SUPATH, and ENV_PATH.
# If unspecified, some arbitrary (and possibly incorrect) value will
# be assumed.  All other items are optional - if not specified then
# the described action or option will be inhibited.
#
# Comment lines (lines beginning with "#") and blank lines are ignored.
#
# Modified for Linux.  --marekm

#
# Delay in seconds before being allowed another attempt after a login failure
#
FAIL_DELAY		3

#
# Enable additional passwords upon dialup lines specified in /etc/dialups.
#
DIALUPS_CHECK_ENAB	yes

#
# Enable logging and display of /var/log/faillog login failure info.
#
FAILLOG_ENAB		yes

#
# Enable display of unknown usernames when login failures are recorded.
#
LOG_UNKFAIL_ENAB	no

#
# Enable logging of successful logins
#
LOG_OK_LOGINS		no

#
# Enable logging and display of /var/log/lastlog login time info.
#
LASTLOG_ENAB		yes

#
# Enable checking and display of mailbox status upon login.
#
# Disable if the shell startup files already check for mail
# ("mailx -e" or equivalent).
#
MAIL_CHECK_ENAB		yes

#
# Enable additional checks upon password changes.
#
OBSCURE_CHECKS_ENAB	yes

#
# Enable checking of time restrictions specified in /etc/porttime.
#
PORTTIME_CHECKS_ENAB	yes

#
# Enable setting of ulimit, umask, and niceness from passwd gecos field.
#
QUOTAS_ENAB		yes

#
# Enable "syslog" logging of su activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp and sg.
#
SYSLOG_SU_ENAB		yes
SYSLOG_SG_ENAB		yes

#
# If defined, either full pathname of a file containing device names or
# a ":" delimited list of device names.  Root logins will be allowed only
# upon these devices.
#
CONSOLE		/etc/securetty
#CONSOLE	console:tty01:tty02:tty03:tty04

#
# If defined, all su activity is logged to this file.
#
#SULOG_FILE	/var/log/sulog

#
# If defined, ":" delimited list of "message of the day" files to
# be displayed upon login.
#
MOTD_FILE	/etc/motd
#MOTD_FILE	/etc/motd:/usr/lib/news/news-motd

#
# If defined, this file will be output before each login prompt.
#
#ISSUE_FILE	/etc/issue

#
# If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format something like "vt100  tty01".
#
#TTYTYPE_FILE	/etc/ttytype

#
# If defined, login failures will be logged here in a utmp format.
# last, when invoked as lastb, will read /var/log/btmp, so...
#
FTMP_FILE	/var/log/btmp

#
# If defined, name of file whose presence which will inhibit non-root
# logins.  The contents of this file should be a message indicating
# why logins are inhibited.
#
NOLOGINS_FILE	/etc/nologin

#
# If defined, the command name to display when running "su -".  For
# example, if this is defined as "su" then a "ps" will display the
# command is "-su".  If not defined, then "ps" would display the
# name of the shell actually being run, e.g. something like "-sh".
#
SU_NAME		su

#
# *REQUIRED*
#   Directory where mailboxes reside, _or_ name of file, relative to the
#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
#   QMAIL_DIR is for Qmail
#
#QMAIL_DIR	Maildir
MAIL_DIR /var/spool/mail
#MAIL_FILE	.mail

#
# If defined, file which inhibits all the usual chatter during the login
# sequence.  If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file.  If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
HUSHLOGIN_FILE	.hushlogin
#HUSHLOGIN_FILE	/etc/hushlogins

#
# If defined, the presence of this value in an /etc/passwd "shell" field will
# disable logins for that user, although "su" will still be allowed.
#
# XXX this does not seem to be implemented yet...  --marekm
# no, it was implemented but I ripped it out ;-) -- jfh
NOLOGIN_STR	NOLOGIN

#
# If defined, either a TZ environment parameter spec or the
# fully-rooted pathname of a file containing such a spec.
#
#ENV_TZ		TZ=CST6CDT
#ENV_TZ		/etc/tzname

#
# If defined, an HZ environment parameter spec.
#
# for Linux/x86
ENV_HZ		HZ=100
# For Linux/Alpha...
#ENV_HZ		HZ=1024

#
# *REQUIRED*  The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
ENV_PATH	PATH=/usr/local/bin:/bin:/usr/bin

#
# Terminal permissions
#
#	TTYGROUP	Login tty will be assigned this group ownership.
#	TTYPERM		Login tty will be set to this permission.
#
# If you have a "write" program which is "setgid" to a special group
# which owns the terminals, define TTYGROUP to the group number and
# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
# TTYPERM to either 622 or 600.
#
TTYGROUP	tty
TTYPERM		0620

#
# Login configuration initializations:
#
#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
#	UMASK		Default "umask" value.
#	ULIMIT		Default "ulimit" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
# The ULIMIT is used only if the system supports it.
# (now it works with setrlimit too; ulimit is in 512-byte units)
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR	0177
KILLCHAR	025
UMASK		022
#ULIMIT		2097152

#
# Password aging controls:
#
#	PASS_MAX_DAYS	Maximum number of days a password may be used.
#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
#	PASS_MIN_LEN	Minimum acceptable password length.
#	PASS_WARN_AGE	Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7

#
# If "yes", the user must be listed as a member of the first gid 0 group
# in /etc/group (called "root" on most Linux systems) to be able to "su"
# to uid 0 accounts.  If the group doesn't exist or is empty, no one
# will be able to "su" to uid 0.
#
SU_WHEEL_ONLY	no

#
# If compiled with cracklib support, where are the dictionaries
#
#CRACKLIB_DICTPATH	/var/cache/cracklib/cracklib_dict

#
# Min/max values for automatic uid selection in useradd
#
UID_MIN 1000
UID_MAX 60000

#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 100
GID_MAX 60000

#
# Max number of login retries if password is bad
#
LOGIN_RETRIES		5

#
# Max time in seconds for login
#
LOGIN_TIMEOUT		60

#
# Maximum number of attempts to change password if rejected (too easy)
#
PASS_CHANGE_TRIES	5

#
# Warn about weak passwords (but still allow them) if you are root.
#
PASS_ALWAYS_WARN	yes

#
# Number of significant characters in the password for crypt().
# Default is 8, don't change unless your crypt() is better.
# Ignored if MD5_CRYPT_ENAB set to "yes".
#
#PASS_MAX_LEN		8

#
# Require password before chfn/chsh can make any changes.
#
CHFN_AUTH		yes

#
# Which fields may be changed by regular users using chfn - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone).  If not defined, no changes are allowed.
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
# 
CHFN_RESTRICT		frwh

#
# Password prompt (%s will be replaced by user name).
#
# XXX - it doesn't work correctly yet, for now leave it commented out
# to use the default which is just "Password: ".
#LOGIN_STRING		"%s's Password: "

#
# Only works if compiled with MD5_CRYPT defined:
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
# It supports passwords of unlimited length and longer salt strings.
# Set to "no" if you need to copy encrypted passwords to other systems
# which don't understand the new algorithm.  Default is "no".
#
MD5_CRYPT_ENAB	yes

#
# List of groups to add to the user's supplementary group set
# when logging in on the console (as determined by the CONSOLE
# setting).  Default is none.
#
# Use with caution - it is possible for users to gain permanent
# access to these groups, even when not logged in on the console.
# How to do it is left as an exercise for the reader...
#
CONSOLE_GROUPS		floppy:audio:video:cdrom

#
# Should login be allowed if we can't cd to the home directory?
# Default in no.
#
DEFAULT_HOME	yes

#
# If this file exists and is readable, login environment will be
# read from it.  Every line should be in the form name=value.
#
ENVIRON_FILE	/etc/environment

#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
#USERDEL_CMD	/usr/sbin/userdel_local

#
# If defined, either full pathname of a file containing device names or
# a ":" delimited list of device names.  No password is required to log in
# as a non-root user on these devices.
#
#NO_PASSWORD_CONSOLE tty1:tty2:tty3:tty4:tty5:tty6

#
# When prompting for password without echo, getpass() can optionally
# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*'
# characters for each character typed.  This feature is designed to
# confuse people looking over your shoulder when you enter a password :-).
# Also, the new getpass() accepts both Backspace (8) and Delete (127)
# keys to delete previous character (to cope with different terminal
# types), Control-U to delete all characters, and beeps when there are
# no more characters to delete, or too many characters entered.
#
# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour -
# exactly one '*' displayed for each character typed.
#
# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace,
# Delete, Control-U and beep continue to work as described above).
#
# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass()
# without any new features.  This is the default.
#
#GETPASS_ASTERISKS 1

#
# Enable setting of the umask group bits to be the same as owner bits
# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
# the same as gid, and username is the same as the primary group name.
#
# This also enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes
Check again, it's in your /etc directory.
I don't think you would get those errors without one.

Do some more research before you edit this though - I am no expert on this.

Also, if you really need PAM and you can't get things to work, install Dropline Gnome. This will install PAM for you.
Some people dislike Dropline, but it's a fine product. (I don't use it - or PAM)

HTH
 
Old 11-08-2005, 07:54 PM   #6
dunric
Member
 
Registered: Jul 2004
Distribution: Void Linux, former Slackware
Posts: 498

Rep: Reputation: 100Reputation: 100
Quote:
Originally posted by darkarcon2015
Also: if Slackware doesn't use PAM to authenticate, what does it use?
Slack uses by default standard authentication methods against local databases /etc/shadow (/etc/passwd ) or NIS/NIS+ servers. One man can add support for authentication by [Open]LDAP server with nss_ldap module.
See
Code:
 man 5 nsswitch.conf
for configuration description and more.
 
Old 11-11-2005, 02:37 PM   #7
zborgerd
Member
 
Registered: Mar 2004
Distribution: Slackware / Dropline GNOME
Posts: 378

Rep: Reputation: 30
We occasionally get requests from Slackware users about how to build PAM on Slackware systems. There appears to be a growing interest in using PAM on Slackware, because of its flexibility and authentication features that do not exist within a standard Slackware install. For that reason, we keep a sticky thread in the Dropline forums that detail how we use PAM and which packages are required for use by people that don't want to use the entire Dropline GNOME desktop. It can be an overwhelming library to build, but you can have PAM up and running with 3-4 package updates listed here.

http://dropline-gnome.sourceforge.ne...pic.php?t=4441

Build scripts (for our functions-based build engine - http://dlgwiki.dot42.org/index.php/Build_Engine ) are included in the packages, so you can see how we do this. On the other hand, unless you require any special features that we do not provide, these packages should work nicely on a stock Slackware system. You can then add any extra modules that you need to use.

Last edited by zborgerd; 11-11-2005 at 02:38 PM.
 
Old 11-11-2005, 08:56 PM   #8
darkarcon2015
Member
 
Registered: Jun 2004
Location: Potsdam, NY
Distribution: Fedora Core 6
Posts: 201

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by zborgerd
We occasionally get requests from Slackware users about how to build PAM on Slackware systems. There appears to be a growing interest in using PAM on Slackware, because of its flexibility and authentication features that do not exist within a standard Slackware install. For that reason, we keep a sticky thread in the Dropline forums that detail how we use PAM and which packages are required for use by people that don't want to use the entire Dropline GNOME desktop. It can be an overwhelming library to build, but you can have PAM up and running with 3-4 package updates listed here.

http://dropline-gnome.sourceforge.ne...pic.php?t=4441

Build scripts (for our functions-based build engine - http://dlgwiki.dot42.org/index.php/Build_Engine ) are included in the packages, so you can see how we do this. On the other hand, unless you require any special features that we do not provide, these packages should work nicely on a stock Slackware system. You can then add any extra modules that you need to use.
Okay, I installed the four packages listed for Slackware 10.2, but when I go to `/bin/login', I can only log in as a normal user, not root. I can `su' though.
 
Old 11-12-2005, 09:53 AM   #9
zborgerd
Member
 
Registered: Mar 2004
Distribution: Slackware / Dropline GNOME
Posts: 378

Rep: Reputation: 30
Quote:
Originally posted by darkarcon2015
Okay, I installed the four packages listed for Slackware 10.2, but when I go to `/bin/login', I can only log in as a normal user, not root. I can `su' though.
Strange. That doesn't happen here. Did you use "installpkg" or "upgradepkg --install-new" to cleanly upgrade the existing packages?

Also, any number of things could have been left behind if you've made previous attempts to update PAM and Shadow. Did you make certain all of that was removed? If you've previously tried to install PAM, then it's likely that there were some existing files in /etc/pam.d/ . You will need to make sure that the .new config files replace those.

You may want to pop open another terminal and analyze your logs "tail -f /var/log/messages" and see if there are any messages in relation to authentication.

Last edited by zborgerd; 11-12-2005 at 09:58 AM.
 
Old 11-12-2005, 10:06 AM   #10
zborgerd
Member
 
Registered: Mar 2004
Distribution: Slackware / Dropline GNOME
Posts: 378

Rep: Reputation: 30
Hmm. Thinking about it a bit, I would almost assume that you have an old PAM config that is set to disable root logins. Are you doing this through an SSH login, or are you logged in locally?
 
Old 11-12-2005, 12:30 PM   #11
darkarcon2015
Member
 
Registered: Jun 2004
Location: Potsdam, NY
Distribution: Fedora Core 6
Posts: 201

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by zborgerd
Hmm. Thinking about it a bit, I would almost assume that you have an old PAM config that is set to disable root logins. Are you doing this through an SSH login, or are you logged in locally?
I am logged in locally, I have physical access to the machine I am working on.
 
Old 11-12-2005, 02:35 PM   #12
zborgerd
Member
 
Registered: Mar 2004
Distribution: Slackware / Dropline GNOME
Posts: 378

Rep: Reputation: 30
Are you trying to run "/bin/login" in a terminal that you are already logged into?
 
Old 11-12-2005, 02:42 PM   #13
zborgerd
Member
 
Registered: Mar 2004
Distribution: Slackware / Dropline GNOME
Posts: 378

Rep: Reputation: 30
Which login.defs are you using? The one that comes with our Shadow package, or one something else?
 
Old 10-20-2007, 01:59 PM   #14
GeneralCody
LQ Newbie
 
Registered: Jun 2005
Location: Terra Incognita
Distribution: Slackware, Ubuntu, FreeBSD
Posts: 6

Rep: Reputation: 0
Why doesn't Slackware use PAM?

Because it is a poorly written piece of software. Insecure.
 
Old 10-20-2007, 02:27 PM   #15
Alien_Hominid
Senior Member
 
Registered: Oct 2005
Location: Lithuania
Distribution: Hybrid
Posts: 2,247

Rep: Reputation: 53
You don't need to necro 2 year old threads.
 
  


Reply

Tags
troll


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
pam radius auth in slackware ?? Barx Slackware 1 04-30-2005 08:06 AM
does slackware 10 support PAM? joroxx Slackware - Installation 2 11-16-2004 12:06 AM
vsftpd + pam + virtual users - Pam cannot load database file. mdkelly069 Linux - Networking 3 09-22-2004 11:07 PM
pam mount in slackware 10 qwijibow Linux - Software 1 08-06-2004 08:37 AM
Slackware, Samba, Winbind & PAM; Oh My! BulletSponge Slackware 3 06-20-2003 05:01 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 05:23 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration