How to config /etc/pam.d/password-auth without being overwritten

[fla_panther]

Hi all,

Reading up on configuring more stringent authentication via PAM I was instructed to edit /etc/pam.d/password-auth and I noticed this in the file: "User changes will be destroyed the next time authconfig is run." Researching a bit further I've found this thread and this one, the latter looking to be more helpful than the former.

If I'm reading that (and the man page for authconfig) correctly /etc/pam.d/system-auth points to /etc/pam.d/system-auth-ac? When I open either they look the same. Is that correct? I ask because the latter has the same "User changes will be destroyed" message as the former. It's not clear if the latter is only saying that because it's pointing to the former or if it too will be overwritten.

I'm now going to start reading the Red Hat PAM config pages but it seems to be a long and complex topic using vocab I've never used before so I feel like I'm going to be diving a mile to answer a 2" question. I'm not sure that's needed (right now) so if anyone has some helpful info please share.

[TrevorH]

The files look the same because one is a symlink to the other.

[fla_panther]

That's what I figured. So if /etc/pam.d/system-auth points to /etc/pam.d/system-auth-ac and changes to /etc/pam.d/system-auth-ac are overwritten ... then how are we supposed to put config in /etc/pam.d/system-auth and expect it to not be overwritten?

[TrevorH]

You're meant to either use authconfig to make the changes or never to use authconfig or anything that might invoke authconfig and then you can manage them yourself.

[fla_panther]

or never to use authconfig or anything that might invoke authconfig

Seems a bit risky, hard to know whether or not something might invoke authconfig later. I guess I'll do some more reading on it. Thanks.