SSgt Harris, Christian D. wrote:
> I'm am still getting the various 'unknown item' configuration errors
>after re-installing shadow for PAM functionality. But I am still able
> to login/su.
[snip]
Justin Knierim wrote:
> I re-installed cracklib, pam and shadow (using 4.0.11.1 instead of
> 4.0.9, and adding "--enable-shadowgrp") as in BLFS and the problems are
> gone on my system. I had the same errors before.
I re- compiled and installed all the packages with the replacement
shadow-4.0.11.1, and the errors still persist. I want to just quit, and
forget about it, but that would mean defeat. After hours of reading
various message boards and threads, I came across this;
kloczek wrote:
[snip]
> This varables are now disabled if shadow is
> configured with PAM support enabled because all code managed by above
> variables are disabled in this case. Handle faillog it is task for
> pam_tally. Setting enviroment variables it is pam_env. Display mail
> notitications it is task for pam_mail .. etc.
> Perhaps those lines should be removed from /etc/login.defs?
> Yes .. in case when PAM support was enabled.
> Should they not already be removed from the default
> configuration files etc/login.defs.linux in the shadow 4.0.8 tarball, please?
> Better .. this file must be generated depending on disable/enable PAM
> support on autoconf level.
> In longer time I want move as amny as possible variables from
> /etc/login.defs to /etc/default/<program> (best will be IMO completly
> remove handle /etc/login.defs).
> Now some programs uses two configuration files and APIs (like useradd one
> for /etc/login.defs and second for handle /etc/default/useradd). I want
> repalce this by one (common for handle /etc/default/<program>).
This would be a good indication of why I can still login/su into my system.
If I remove these variables from my login.defs how can I tell that all the
settings are indeed being handled by PAM correctly?
