How to config /etc/pam.d/password-auth without being overwritten

Support for security such as Firewalls and securing linux
Post Reply
fla_panther
Posts: 42
Joined: 2015/08/27 21:15:03

How to config /etc/pam.d/password-auth without being overwritten

Post by fla_panther » 2016/10/10 00:12:13

Hi all,

Reading up on configuring more stringent authentication via PAM I was instructed to edit /etc/pam.d/password-auth and I noticed this in the file: "User changes will be destroyed the next time authconfig is run." Researching a bit further I've found this thread and this one, the latter looking to be more helpful than the former.

If I'm reading that (and the man page for authconfig) correctly /etc/pam.d/system-auth points to /etc/pam.d/system-auth-ac? When I open either they look the same. Is that correct? I ask because the latter has the same "User changes will be destroyed" message as the former. It's not clear if the latter is only saying that because it's pointing to the former or if it too will be overwritten.

I'm now going to start reading the Red Hat PAM config pages but it seems to be a long and complex topic using vocab I've never used before so I feel like I'm going to be diving a mile to answer a 2" question. I'm not sure that's needed (right now) so if anyone has some helpful info please share.

User avatar
TrevorH
Forum Moderator
Posts: 26942
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to config /etc/pam.d/password-auth without being overwritten

Post by TrevorH » 2016/10/10 06:23:46

The files look the same because one is a symlink to the other.
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke

fla_panther
Posts: 42
Joined: 2015/08/27 21:15:03

Re: How to config /etc/pam.d/password-auth without being overwritten

Post by fla_panther » 2016/10/11 16:09:57

That's what I figured. So if /etc/pam.d/system-auth points to /etc/pam.d/system-auth-ac and changes to /etc/pam.d/system-auth-ac are overwritten ... then how are we supposed to put config in /etc/pam.d/system-auth and expect it to not be overwritten?

User avatar
TrevorH
Forum Moderator
Posts: 26942
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to config /etc/pam.d/password-auth without being overwritten

Post by TrevorH » 2016/10/11 16:37:50

You're meant to either use authconfig to make the changes or never to use authconfig or anything that might invoke authconfig and then you can manage them yourself.
CentOS 5 died in March 2017 - migrate NOW!
CentOS 6 goes EOL sooner rather than later, get upgrading!
Full time Geek, part time moderator. Use the FAQ Luke

fla_panther
Posts: 42
Joined: 2015/08/27 21:15:03

Re: How to config /etc/pam.d/password-auth without being overwritten

Post by fla_panther » 2016/10/11 23:57:27

TrevorH wrote:or never to use authconfig or anything that might invoke authconfig
Seems a bit risky, hard to know whether or not something might invoke authconfig later. I guess I'll do some more reading on it. Thanks.

Post Reply

Return to “CentOS 6 - Security Support”