On 04/03/2012 10:23 AM, Ken Moffat wrote: > 4. For many of the PAM files in /etc/pam.d we chmod them to 644 > after root has created them, but for a couple of newer ones the > chmod is not mentioned. Looking at my results, they are 644 - > should be keep the chmod in case people have weird settings, and > therefore do it for all these files, or can we just assume > everything will be ok ? While on the topic of gdm, it would definitely be preferable to use system-* where possible.
Assuming what is in the book now is what you actually want to use, this would be the preferred result: auth required pam_env.so auth include system-auth account required pam_nologin.so account include system-account password include system-password session optional pam_keyinit.so force revoke session include system-session session required pam_loginuid.so session optional pam_console.so Using the system-* files where appropriate allows me to modify only those files and still have the book's instructions work no matter where/how/why my authentication is setup (assuming the unknown/unfamiliar to me modules don't have issues). Users can be stored in LDAP, NIS, or AD (others?) and no changes are required to the book's instructions once I modify the system-* pam.d files to support my choice of authentication system. -- DJ Lucas -- This message has been scanned for viruses and dangerous content, and is believed to be clean. -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
