%general-entities; ]> $LastChangedBy$ $Date$ Linux-PAM The Linux PAM package contains Pluggable Authentication Modules used to enable the local system administrator to choose how applications authenticate users. &lfs74_checked; Package Information Download (HTTP): Download (FTP): Download MD5 sum: &linux-pam-md5sum; Download size: &linux-pam-size; Estimated disk space required: &linux-pam-buildsize; Estimated build time: &linux-pam-time; Additional Downloads Download (HTTP): Download MD5 sum: &linux-pam-docs-md5sum; Download size &linux-pam-docs-size; Linux PAM Dependencies Optional , , and Prelude Optional (To Rebuild the Documentation) , , , and User Notes: If you downloaded the documentation, unpack the tarball by issuing the following command. tar -xf ../Linux-PAM-&linux-pam-version;-docs.tar.bz2 --strip-components=1 Install Linux PAM by running the following commands: ./configure --prefix=/usr \ --sysconfdir=/etc \ --libdir=/usr/lib \ --enable-securedir=/lib/security \ --docdir=/usr/share/doc/Linux-PAM-&linux-pam-version; \ --disable-nis && make To test the results, a suitable /etc/pam.d/other configuration file must exist. If you have a system with Linux PAM installed and working, be careful when modifying the files in /etc/pam.d, since your system may become totally unusable. If you want to run the tests, you do not need to create another /etc/pam.d/other file. The installed one can be used for that purpose. You should also be aware that make install overwrites the configuration files in /etc/security as well as /etc/environment. In case you have modified those files, be sure to backup them. For a first installation, create the configuration file by issuing the following commands as the root user: install -v -m755 -d /etc/pam.d && cat > /etc/pam.d/other << "EOF" auth required pam_deny.so account required pam_deny.so password required pam_deny.so session required pam_deny.so EOF Now run the tests by issuing make check. Ensure there are no errors produced by the tests before continuing the installation. Only in case of a first installation, remove the configuration file created earlier by issuing the following command as the root user: rm -rfv /etc/pam.d Now, as the root user: make install && chmod -v 4755 /sbin/unix_chkpwd && for file in pam pam_misc pamc do mv -v /usr/lib/lib${file}.so.* /lib && ln -sfv ../../lib/$(readlink /usr/lib/lib${file}.so) /usr/lib/lib${file}.so done --enable-securedir=/lib/security: This switch sets install location for the PAM modules. --disable-nis: This switch disables building of the Network Information Service/Yellow Pages support in pam_unix and pam_access modules. Remove it if you have installed . chmod -v 4755 /sbin/unix_chkpwd: The unix_chkpwd helper program must be setuid so that non-root processes can access the shadow file. /etc/security/* and /etc/pam.d/* /etc/security/* /etc/pam.d/* Configuration information is placed in /etc/pam.d/. Below is an example file: # Begin /etc/pam.d/other auth required pam_unix.so nullok account required pam_unix.so session required pam_unix.so password required pam_unix.so nullok # End /etc/pam.d/other The PAM man page (man pam) provides a good starting point for descriptions of fields and allowable entries. The Linux-PAM System Administrators' Guide is recommended for additional information. Refer to for a list of various third-party modules available. You should now reinstall the package. Installed Program Installed Libraries Installed Directories mkhomedir_helper, pam_tally, pam_tally2, pam_timestamp_check, unix_chkpwd and unix_update libpam.so, libpamc.so and libpam_misc.so /etc/security, /lib/security, /usr/include/security and /usr/share/doc/Linux-PAM-&linux-pam-version; Short Descriptions mkhomedir_helper is a helper binary that creates home directories. mkhomedir_helper pam_tally is used to interrogate and manipulate the login counter file. pam_tally pam_tally2 is used to interrogate and manipulate the login counter file, but does not have some limitations that pam_tally does. pam_tally2 pam_timestamp_check is used to check if the default timestamp is valid pam_timestamp_check unix_chkpwd is a helper binary that verifies the password of the current user. unix_chkpwd unix_update is a helper binary that updates the password of a given user. unix_update libpam.so provides the interfaces between applications and the PAM modules. libpam.so