%general-entities; ]> $LastChangedBy$ $Date$ Linux-PAM The Linux-PAM package contains Pluggable Authentication Modules. This is useful to enable the local system administrator to choose how applications authenticate users. &lfs70_checked; Package Information Download (HTTP): Download (FTP): Download MD5 sum: &linux-pam-md5sum; Download size: &linux-pam-size; Estimated disk space required: &linux-pam-buildsize; Estimated build time: &linux-pam-time; Additional Downloads Download (HTTP): Download MD5 sum: &linux-pam-docs-md5sum; Download size &linux-pam-docs-size; Linux-PAM Dependencies Optional , , , (for the pam_userdb module), and Prelude Optional (To {,Re}build the Documentation) , , , , and User Notes: If you downloaded the documentation, unpack the tarball by issuing the following command. tar -xf ../Linux-PAM-&linux-pam-version;-docs.tar.bz2 --strip-components=1 Install Linux-PAM by running the following commands: ./configure --sbindir=/lib/security \ --docdir=/usr/share/doc/Linux-PAM-&linux-pam-version; \ --disable-nis \ --enable-read-both-confs && make To test the results, a configuration file must be created. This file will be removed after the tests have completed. Ensure there are no errors produced by the tests before continuing the installation. First create the configuration file by issuing the following commands as the root user: install -v -m755 -d /etc/pam.d && cat > /etc/pam.d/other << "EOF" auth required pam_deny.so account required pam_deny.so password required pam_deny.so session required pam_deny.so EOF Now run the tests by issuing make check. Remove the configuration file created earlier by issuing the following command as the root user: rm -rfv /etc/pam.d Now, as the root user: make install && chmod -v 4755 /lib/security/unix_chkpwd && mv -v /lib/security/pam_tally /sbin --sbindir=/lib/security: This parameter results in three executables, two of which are not intended to be run from the command line, being installed in the same directory as the PAM modules. The other executable is later moved to the /sbin directory. --docdir=...: This parameter results in the documentation being installed in a versioned directory name. --disable-nis: This option disables building Network Information Service/Yellow Pages support in pam_unix and pam_access. The RPC implementation in glibc (on which NIS/YP depends) is deprecated. However, the same functionality is provided by Libtirpc so if you've installed you can remove the --disable-nis option. --enable-read-both-confs: This parameter allows the local administrator to choose which configuration file setup to use. chmod -v 4755 /lib/security/unix_chkpwd: The unix_chkpwd password-helper program must be setuid so that non-root processes can access the shadow-password file. mv -v /lib/security/pam_tally /sbin: The pam_tally program is designed to be run by the system administrator, possibly in single-user mode, so it is moved to the appropriate directory. /etc/security/* and /etc/pam.d/* or /etc/pam.conf /etc/security/* /etc/pam.d/* /etc/pam.conf Configuration information is placed in /etc/pam.d/ or /etc/pam.conf depending on system administrator preference. Below are example files of each type: # Begin /etc/pam.d/other auth required pam_unix.so nullok account required pam_unix.so session required pam_unix.so password required pam_unix.so nullok # End /etc/pam.d/other # Begin /etc/pam.conf other auth required pam_unix.so nullok other account required pam_unix.so other session required pam_unix.so other password required pam_unix.so nullok # End /etc/pam.conf The PAM man page (man pam) provides a good starting point for descriptions of fields and allowable entries. The Linux-PAM System Administrators' Guide is recommended for additional information. Refer to for a list of various third-party modules available. You should now reinstall the package. Installed Program Installed Libraries Installed Directories pam_tally libpam.{so,a}, libpamc.{so,a}, libpam_misc.{so,a} and numerous PAM modules /etc/security, /lib/security, /usr/include/security, /usr/share/doc/Linux-PAM-&linux-pam-version;, and /var/run/sepermit Short Descriptions pam_tally is used to view or manipulate the faillog file. pam_tally libpam.{so,a} provides the interfaces between applications and the PAM modules. libpam.{so,a}