Linux-PAM-0.80

Introduction to Linux-PAM

The Linux-PAM package contains Pluggable Authentication Modules. This is useful to enable the local system administrator to choose how applications authenticate users.

Package Information

Additional Downloads

Linux-PAM Dependencies

Recommended

CrackLib-2.8.3

Optional

sgmltools-lite and Berkeley DB-4.3.28 (for pam_userdb module)

Installation of Linux-PAM

Install Linux-PAM by running the following commands:

sed -i 's|DICT_DIR_CANDIDATES="|&/lib /lib/cracklib |' \
    configure &&
./configure --enable-static-libpam --with-mailspool=/var/mail \
    --enable-read-both-confs --sysconfdir=/etc \
    --mandir=/usr/share/man &&
make

If you downloaded the documentation and wish to install it, unpack the tarball into the doc directory:

tar -jxf ../Linux-PAM-0.80-docs.tar.bz2 -C doc

Now, as the root user:

make install &&
mv -v /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a /usr/lib &&
rm -v /lib/libpam{,c,_misc}.so &&
ln -v -sf ../../lib/libpam.so.0.80 /usr/lib/libpam.so &&
ln -v -sf ../../lib/libpam_misc.so.0.80 /usr/lib/libpam_misc.so &&
ln -v -sf ../../lib/libpamc.so.0.80 /usr/lib/libpamc.so

Install the documentation using the following commands:

install -v -d -m755 /usr/share/doc/Linux-PAM-0.80 &&
for DOCTYPE in html ps specs txts
do
    cp -v -R doc/$DOCTYPE /usr/share/doc/Linux-PAM-0.80
done

Command Explanations

sed -i 's|DICT_DIR_CANDIDATES="|&/lib /lib/cracklib |' configure: This command changes where configure looks to find the CrackLib dictionary.

--enable-static-libpam: This switch builds static PAM libraries as well as the dynamic libraries.

--with-mailspool=/var/mail: This switch makes the mailspool directory FHS compliant.

--enable-read-both-confs: This switch lets the local administrator choose which configuration file setup to use.

mv -v /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a /usr/lib: This command moves the static libraries to /usr/lib to comply with FHS guidelines.

rm -v /lib/libpam{,c,_misc}.so; ln -v -sf ... /usr/lib/...: These commands move the .so symlinks from /lib to /usr/lib.

Configuring Linux-PAM

Config Files

/etc/security/* and /etc/pam.d/* or /etc/pam.conf

Configuration Information

Configuration information is placed in /etc/pam.d/ or /etc/pam.conf depending on user preference. Below are example files of each type:

# Begin /etc/pam.d/other

auth            required        pam_unix.so     nullok
account         required        pam_unix.so
session         required        pam_unix.so
password        required        pam_unix.so     nullok

# End /etc/pam.d/other

# Begin /etc/pam.conf

other           auth            required        pam_unix.so     nullok
other           account         required        pam_unix.so
other           session         required        pam_unix.so
other           password        required        pam_unix.so     nullok

# End /etc/pam.conf

The PAM man page (man pam) provides a good starting point for descriptions of fields and allowable entries. The Linux-PAM guide for system administrators is recommended for further reading.

Refer to http://www.kernel.org/pub/linux/libs/pam/modules.html for a list of various modules available.

[Note]

Note

You should now reinstall the Shadow-4.0.9 package.

Contents

Installed Programs: unix_chkpwd and pam_tally
Installed Libraries: libpam.[so,a], libpamc.[so,a], and libpam_misc.[so,a]
Installed Directories: /etc/pam.d, /etc/security, /lib/security, and /usr/include/security

Short Descriptions

unix_chkpwd

checks user passwords that are stored in read protected databases.

pam_tally

is used to view or manipulate the faillog file.

libpam.[so,a]

provides the interfaces between applications and the PAM modules.

Last updated on 2005-08-01 13:29:19 -0600