Mailing List Archive

On Sun, Jan 16, 2000 at 03:22:24PM +0000, Andre Lucas wrote:
> In any case, I think a working Linux PAM config file should be in the
> distribution. Perhaps someone who knows PAM well can provide one that's
> good on Linux-PAM?

I just copy the one used for login, and remove the references to
pam_securetty, and it's always worked fine. Under Red Hat Linux 6.1:

#%PAM-1.0
#auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_pwdb.so
password required /lib/security/pam_cracklib.so
password required /lib/security/pam_pwdb.so nullok use_authtok md5 shadow
session required /lib/security/pam_pwdb.so
session optional /lib/security/pam_console.so

If I were using another distribution, I'd expect pam_pwdb to be replaced
by pam_unix, but the arguments wouldn't need to change. This might be a
good one to include in the Red Hat-specific RPM, anyway.

Cheers,

Nalin

Have you checked in the redhat-specific directory in the OpenSSH source
tree? There's a pam config file there that works nicely.

--
jim knoble
jmknoble@pobox.com

På 2000-Jan-16 klokka 15:22:24 +0000 skrivet Andre Lucas:

: This might have been covered before and I've missed it. If so, sorry in
: advance.
:
: The file sshd.pam.generic didn't work for me on Linux RH6, I guess it's
: a Solaris file. Instead I copied the file /etc/pam.d/rlogin to
: /etc/pam.d/sshd . I wonder if this isn't a good way to go about things
: anyway, have an install target that does just that?
:
: Perhaps the rsh file is more appropriate for SSH. Perhaps neither - I
: just haven't looked into PAM in any detail yet, and the above seems to
: work well.
:
: In any case, I think a working Linux PAM config file should be in the
: distribution. Perhaps someone who knows PAM well can provide one that's
: good on Linux-PAM?

On Sun, 16 Jan 2000, Andre Lucas wrote:

> This might have been covered before and I've missed it. If so, sorry in
> advance.
>
> The file sshd.pam.generic didn't work for me on Linux RH6, I guess it's
> a Solaris file. Instead I copied the file /etc/pam.d/rlogin to
> /etc/pam.d/sshd . I wonder if this isn't a good way to go about things
> anyway, have an install target that does just that?

You are probably after packages/redhat/sshd.pam. That is the one I
use in the RPMs.

Regards,
Damien

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)

>
> You are probably after packages/redhat/sshd.pam. That is the one I
> use in the RPMs.

Doh! I guess I probably am. It's not mentioned in the INSTALL doc, but
that's no excuse for not looking... Thanks.

-Andre

--
Andre Lucas <andre.lucas@dial.pipex.com>
http://dspace.dial.pipex.com/andre.lucas/

On Sun, 16 Jan 2000, Andre Lucas wrote:

> >
> > You are probably after packages/redhat/sshd.pam. That is the one I
> > use in the RPMs.
>
> Doh! I guess I probably am. It's not mentioned in the INSTALL doc, but
> that's no excuse for not looking... Thanks.

It is now :)

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)