From: Solar Designer (solaropenwall.com)
Date: Fri Nov 02 2001 - 10:17:05 CST


    On Fri, Nov 02, 2001 at 09:42:23AM -0500, Brian Clark wrote:
    > If that is correct, then I'm also guessing I need to create a file
    > called popa3d under /etc/pam.d with something like this?

    Of course.

    > auth required /lib/security/pam_unix.so
    > auth required /lib/security/pam_unix.so shadow use_first_pass

    You only need one instance of pam_unix for authentication and you only
    need the use_first_pass if you stack another module such as pam_userpass
    which is supposed to take the password out of the application.

    > account required /lib/security/pam_unix.so
    >
    > If I'm using md5, does md5 need to be on any of those lines, or is
    > that only for applications capable of changing a password?

    It's for password changes only.

    > Is it preferred to use AUTH_PAM_USERPASS over regular AUTH_PAM?

    Yes, but if it's just for your personal use you don't have to bother.

    The pam_userpass approach is more consistent, but it's also quite new
    and not so well established. Andrew was going to make pam_userpass an
    official Linux-PAM example of using the binary prompts, but for that
    to happen some more work is needed.

    > In your example for pam_userpass, I see:
    >
    > auth required /lib/security/pam_userpass.so
    > auth required /lib/security/pam_pwdb.so shadow use_first_pass
    > account required /lib/security/pam_pwdb.so
    >
    > But I don't have pam_pwdb on the system.

    I'm quite sure that you do. But pam_pwdb really is obsolete, if your
    system uses pam_unix by default then go ahead for that instead.

    > (Sorry for all the stupid newbie questions; PAM is confusing -- even
    > after having read the docs the best I could)

    It got all kinds of complexities over the years.

    -- 
    /sd
    

    _______________________________________________
    Pam-list mailing list
    Pam-listredhat.com
    https://listman.redhat.com/mailman/listinfo/pam-list
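
Added example, not part of the original message and not code from popa3d or Linux-PAM: a small heuristic lint for the auth stack of a pam.d service file, covering the two points made in the reply (a repeated password-checking module, and use_first_pass with nothing stacked before it). The function names and the sample stacks are constructed for this illustration.

```python
PASSWORD_CHECKERS = {"pam_unix", "pam_pwdb"}  # the two checkers named in the thread

def parse(text):
    """Yield (lineno, type, module, args) for each rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3:
            continue  # blank, comment-only or malformed line
        rest = fields[1:]
        if rest[0].startswith("["):  # bracketed control, e.g. [success=ok default=bad]
            while rest and not rest[0].endswith("]"):
                rest = rest[1:]
        if len(rest) < 2:
            continue
        module = rest[1].rsplit("/", 1)[-1]
        if module.endswith(".so"):
            module = module[:-3]
        yield lineno, fields[0].lstrip("-").lower(), module, rest[2:]

def lint(text):
    """Return [(lineno, message)] for the two mistakes discussed in the thread."""
    findings, seen = [], []
    for lineno, kind, module, args in parse(text):
        if kind != "auth":
            continue
        if module in PASSWORD_CHECKERS and module in seen:
            findings.append((lineno, f"{module} is already in the auth stack"))
        # Heuristic: any earlier auth module is assumed to have obtained the password.
        if "use_first_pass" in args and not seen:
            findings.append((lineno, "use_first_pass with no earlier auth module"))
        seen.append(module)
    return findings

# Constructed samples: the stack proposed in the question, the single-module
# form, the pam_userpass stack (with pam_unix), and a lone use_first_pass.
ASKED = """auth required /lib/security/pam_unix.so
auth required /lib/security/pam_unix.so shadow use_first_pass
account required /lib/security/pam_unix.so
"""
SINGLE = "auth required /lib/security/pam_unix.so\naccount required /lib/security/pam_unix.so\n"
STACKED = """auth required /lib/security/pam_userpass.so
auth required /lib/security/pam_unix.so shadow use_first_pass
account required /lib/security/pam_unix.so
"""
LONE = "auth required /lib/security/pam_unix.so use_first_pass\n"

if __name__ == "__main__":
    for name, stack in [("asked", ASKED), ("single", SINGLE), ("stacked", STACKED), ("lone", LONE)]:
        print(name, lint(stack))
```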