Dan Nicholson wrote:
> The pam system's administrator guide is very helpful.
>
> http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_SAG.html
>
> The module pages and some general pam information are available as man
> pages. See pam(8) and pam_unix(8). The pam_unix page even has a usable
> example configuration.
>
> That said, pam is pretty complex. What has helped me besides reading
> the documentation is looking at the configuration on the big distros.
> Since they're distributing to a wide variety of users and settings,
> they usually have a secure but usable setup. If you have another
> system around (Ubuntu, Fedora, etc.), take a look at their login and
> passwd settings.

Sorry to quote Dan's whole post but it is relevant. Thing that bothers
me is that the PAM .so stack that BLFS currently uses is deprecated.
Seems creating and using a system-auth (or perhaps auth-system; can't
remember) module and config file is the way to go now.

I installed PAM yesterday, and Shadow now installs a set of /etc/pam.d
files that will lock up the system (of course, I tried to log in before
doing anything further, as instructed by the BLFS book). This of course
is using most recent Shadow and PAM.

Anyway, I had to delete all the /etc/pam.d files that Shadow installed
and add the files specified by the BLFS book.

We've got a lot of work ahead on this one. I'm updating LFS to the most
recent Shadow, so BLFS will have to follow. And the instructions will
need to change.

Anyone with some relevant experience with these newer Shadow and PAM
packages should step up and make themselves known. :-)

-- 
Randy
