[TriLUG] PAM /etc/passwd question

Jon Carnes jonc at nc.rr.com
Wed Mar 6 16:21:10 EST 2002 

Crud... I've read the friggin huge PAM docs twice in my life and each time I
understand pam for just long enough to make the changes I want to make...
and then forget everything again.  Must be some Chuthlu kind of thing going
on there.
If it helps, here is a pam.d/passwd file that uses MD5 and Shadow:

   #%PAM-1.0
   auth       required     /lib/security/pam_pwdb.so shadow nullok
   account    required     /lib/security/pam_pwdb.so
   password   required     /lib/security/pam_cracklib.so retry=3
   password   required     /lib/security/pam_pwdb.so use_authtok nullok md5
shadow

Jon
----- Original Message -----
From: "Kevin Hunter" <khunter at rhoworld.com>
To: <trilug at trilug.org>
Sent: Wednesday, March 06, 2002 2:33 PM
Subject: [TriLUG] PAM /etc/passwd question


>
> Ok, no one laugh.  Remember new guy trying to learn t/d things right
> typing here.  I took a tip from industrial-linux.org re: pam and
> password authentication/changing.  However, I think I've left one
> line in that should be removed.  PAM is still a little fuzzy to me.
> My original /etc/pam.d/passwd file is :
>
> #%PAM-1.0
> auth       required     /lib/security/pam_stack.so
> service=system-auth
> account    required     /lib/security/pam_stack.so
> service=system-auth
> password   required     /lib/security/pam_stack.so
> service=system-auth
>
> I changed it to the following to support md5 and to force changes of
> passwords to something unique.
>
> #%PAM-1.0
> auth       required     /lib/security/pam_stack.so
> service=system-auth
> account    required     /lib/security/pam_stack.so
> service=system-auth
> password   required     /lib/security/pam_stack.so
> service=system-auth
>
> # These lines added to allow support of md5 passwords
>
> password   required     /lib/security/pam_cracklib.so minlen=8
> difok=3
> password   required     /lib/security/pam_pwdb.so use_authtok nullok
> md5
>
>
> However, I think I need to remove the "pam_stack" line b/c when I
> change a password, I get prompted twice, once w/ "New Password" and
> once w/ "New UNIX Password".
>
> Am I on track?
>
> Thx!
>
> KH
>
> _______________________________________________
> TriLUG mailing list
>     http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
>     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html

More information about the TriLUG mailing list