Hi all,
Reading up on configuring more stringent authentication via PAM I was instructed to edit /etc/pam.d/password-auth and I noticed this in the file: "User changes will be destroyed the next time authconfig is run." Researching a bit further I've found this thread and this one, the latter looking to be more helpful than the former.
If I'm reading that (and the man page for authconfig) correctly /etc/pam.d/system-auth points to /etc/pam.d/system-auth-ac? When I open either they look the same. Is that correct? I ask because the latter has the same "User changes will be destroyed" message as the former. It's not clear if the latter is only saying that because it's pointing to the former or if it too will be overwritten.
I'm now going to start reading the Red Hat PAM config pages but it seems to be a long and complex topic using vocab I've never used before so I feel like I'm going to be diving a mile to answer a 2" question. I'm not sure that's needed (right now) so if anyone has some helpful info please share.
How to config /etc/pam.d/password-auth without being overwritten
-
- Posts: 42
- Joined: 2015/08/27 21:15:03
Re: How to config /etc/pam.d/password-auth without being overwritten
The files look the same because one is a symlink to the other.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 42
- Joined: 2015/08/27 21:15:03
Re: How to config /etc/pam.d/password-auth without being overwritten
That's what I figured. So if /etc/pam.d/system-auth points to /etc/pam.d/system-auth-ac and changes to /etc/pam.d/system-auth-ac are overwritten ... then how are we supposed to put config in /etc/pam.d/system-auth and expect it to not be overwritten?
Re: How to config /etc/pam.d/password-auth without being overwritten
You're meant to either use authconfig to make the changes or never to use authconfig or anything that might invoke authconfig and then you can manage them yourself.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 42
- Joined: 2015/08/27 21:15:03
Re: How to config /etc/pam.d/password-auth without being overwritten
Seems a bit risky, hard to know whether or not something might invoke authconfig later. I guess I'll do some more reading on it. Thanks.TrevorH wrote:or never to use authconfig or anything that might invoke authconfig