Linux-PAM-0.78

Introduction to Linux-PAM

The Linux-PAM package contains Pluggable Authentication Modules, which let the local system administrator choose how applications authenticate users.

Package information

Linux-PAM dependencies

Recommended

cracklib-2.7

Optional

sgmltools-lite and Berkeley DB-4.3.27 (for pam_userdb module)

Installation of Linux-PAM

Install Linux-PAM by running the following commands:

patch -Np1 -i ../Linux-PAM-0.78-linkage-2.patch &&
autoconf &&
sed -i 's/(mandir)/(MANDIR)/g' modules/Simple.Rules &&
./configure --enable-static-libpam --with-mailspool=/var/mail \
    --enable-read-both-confs --sysconfdir=/etc &&
make

Now, as the root user:

make install &&
mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a /usr/lib &&
rm /lib/libpam{,c,_misc}.so &&
ln -sf ../../lib/libpam.so.0.78 /usr/lib/libpam.so &&
ln -sf ../../lib/libpam_misc.so.0.78 /usr/lib/libpam_misc.so &&
ln -sf ../../lib/libpamc.so.0.78 /usr/lib/libpamc.so

Command explanations

autoconf: This is necessary because the patch changes where PAM looks for the cracklib libraries, requiring regeneration of the configure script.

sed -i 's/(mandir)/(MANDIR)/g' modules/Simple.Rules: This command puts the module manpages with the rest of the manpages in /usr/share/man.

--enable-static-libpam: This switch builds static PAM libraries as well as the dynamic libraries.

--with-mailspool=/var/mail: This switch makes the mailspool directory FHS-compliant.

--enable-read-both-confs: This switch lets the local administrator choose which configuration file setup to use.

mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a /usr/lib: This command moves the static libraries to /usr/lib to comply with FHS guidelines.

rm /lib/libpam{,c,_misc}.so; ln -sf ... /usr/lib/...: These commands move the .so symlinks from /lib to /usr/lib.

Configuring Linux-PAM

Config files

/etc/pam.d/* or /etc/pam.conf

Configuration Information

Configuration information is placed in /etc/pam.d/ or /etc/pam.conf depending on user preference. Below are example files of each type:

# Begin /etc/pam.d/other

auth            required        pam_unix.so     nullok
account         required        pam_unix.so
session         required        pam_unix.so
password        required        pam_unix.so     nullok

# End /etc/pam.d/other

# Begin /etc/pam.conf

other           auth            required        pam_unix.so     nullok
other           account         required        pam_unix.so
other           session         required        pam_unix.so
other           password        required        pam_unix.so     nullok

# End /etc/pam.conf

The PAM man page (man pam) provides a good starting point for descriptions of fields and allowable entries. The Linux-PAM guide for system administrators is recommended for further reading.

Refer to http://www.kernel.org/pub/linux/libs/pam/modules.html for a list of various modules available.
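The sample rules above apply pam_unix.so with nullok to the other service, which is the entry PAM falls back to for applications that have no configuration of their own. The following is an added example, not part of the BLFS instructions: it parses both layouts and flags nullok and a fallback with no pam_deny.so auth rule. The function names are hypothetical, the sample input is constructed from the rules shown on this page, and backslash line continuations are not handled.

```python
# Added example (not BLFS code): audit PAM rules in both configuration layouts.
TYPES = {"auth", "account", "session", "password"}

# Constructed sample: the /etc/pam.d/other rules shown on this page.
PAM_D_OTHER = """\
auth            required        pam_unix.so     nullok
account         required        pam_unix.so
session         required        pam_unix.so
password        required        pam_unix.so     nullok
"""
# The same rules in /etc/pam.conf layout (service name as first field).
PAM_CONF = "\n".join("other " + line for line in PAM_D_OTHER.splitlines())

def parse_rules(text, service=None):
    """service=None: /etc/pam.conf layout; else body of /etc/pam.d/<service>."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # '#' starts a comment
        svc = service
        if service is None and fields:
            svc, fields = fields[0].lower(), fields[1:]
        if len(fields) < 3 or fields[0].lower() not in TYPES:
            continue                               # blank or malformed line
        end = 1                                    # index of last control token
        if fields[1].startswith("["):              # "[a=b c=d]" contains spaces
            while end < len(fields) - 1 and not fields[end].endswith("]"):
                end += 1
        module = fields[end + 1] if end + 1 < len(fields) else ""
        rules.append({"service": svc, "type": fields[0].lower(),
                      "control": " ".join(fields[1:end + 1]),
                      "module": module.rsplit("/", 1)[-1],
                      "args": fields[end + 2:]})
    return rules

def audit(rules):
    """Flag blank-password acceptance and an 'other' fallback that does not deny."""
    findings = [(r["service"], r["type"], "nullok permits blank passwords")
                for r in rules
                if r["module"] == "pam_unix.so" and "nullok" in r["args"]
                and r["type"] in ("auth", "password")]
    other_auth = [r for r in rules
                  if r["service"] == "other" and r["type"] == "auth"]
    if other_auth and not any(r["module"] == "pam_deny.so" for r in other_auth):
        findings.append(("other", "auth", "fallback service does not deny"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_rules(PAM_D_OTHER, "other")):
        print(*finding, sep=": ")
```

To audit an installed system, pass the contents of each file in /etc/pam.d/ with its file name as the service, and the contents of /etc/pam.conf with no service argument.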

Note

You should now reinstall the Shadow-4.0.4.1 package.

Contents

Installed Programs: unix_chkpwd and pam_tally
Installed Libraries: libpam.[so,a], libpamc.[so,a] and libpam_misc.[so,a]
Installed Directories: /etc/pam.d, /etc/security, /lib/security and /usr/include/security

Short Descriptions

unix_chkpwd

checks user passwords that are stored in read-protected databases.

libpam.[so,a]

provide the interfaces between applications and the PAM modules.

Last updated on 2005-03-17 20:30:11 -0700