- Timestamp:
- 08/09/2005 12:14:30 AM (19 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- 083e8871
- Parents:
- 60791bf
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/shadow.xml
r60791bf r1ba671c 118 118 <title>Config Files</title> 119 119 120 <para><filename>/etc/pam.d/*</filename>, or alternatively, 121 <filename>/etc/pam.conf</filename></para> 120 <para><filename>/etc/pam.d/*</filename> or alternatively 121 <filename>/etc/pam.conf, /etc/login.defs and 122 /etc/security/*</filename></para> 122 123 123 124 <indexterm zone="shadow pam.d"> … … 129 130 </indexterm> 130 131 132 <indexterm zone="shadow pam.d"> 133 <primary sortas="e-etc-login.defs">/etc/login.defs</primary> 134 </indexterm> 135 136 <indexterm zone="shadow pam.d"> 137 <primary sortas="e-etc-security">/etc/security/*</primary> 138 </indexterm> 139 131 140 </sect3> 132 141 … … 134 143 <title>Configuration Information</title> 135 144 136 <para>Add the following <application>Linux-PAM</application> configuration 137 files to <filename class="directory">/etc/pam.d/</filename> (or add them 138 to <filename>/etc/pam.conf</filename> with the additional field for 139 the program).</para> 145 <sect4 id="pam-login-defs"> 146 <title>Configuring /etc/login.defs</title> 147 148 <para>The <command>login</command> program currently performs many 149 functions which <application>Linux-PAM</application> modules should 150 now handle. The following <command>sed</command> command will comment 151 out the appropriate lines in <filename>/etc/login.defs</filename>, and 152 stop <command>login</command> from performing these functions (a backup 153 file named <filename>/etc/login.defs.orig</filename> is also created 154 to preserve the original file's contents):</para> 155 156 <indexterm zone="shadow pam-login-defs"> 157 <primary sortas="e-etc-login.defs">/etc/login.defs</primary> 158 </indexterm> 159 160 <screen role="root"><userinput>install -v -m644 /etc/login.defs /etc/login.defs.orig && 161 for FUNCTION in LASTLOG_ENAB MAIL_CHECK_ENAB \ 162 PORTTIME_CHECKS_ENAB CONSOLE \ 163 MOTD_FILE NOLOGINS_FILE PASS_MIN_LEN \ 164 SU_WHEEL_ONLY MD5_CRYPT_ENAB \ 165 CONSOLE_GROUPS ENVIRON_FILE \ 166 ULIMIT ENV_TZ ENV_HZ ENV_SUPATH \ 167 ENV_PATH QMAIL_DIR MAIL_DIR MAIL_FILE \ 168 CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE 169 do 170 sed -i -e "s/^$FUNCTION/# &/" /etc/login.defs 171 done</userinput></screen> 172 173 <para>If you have <application>CrackLib</application> installed, 174 also comment out four more lines using the following command:</para> 175 176 <screen role="root"><userinput>for FUNCTION in OBSCURE_CHECKS_ENAB CRACKLIB_DICTPATH \ 177 PASS_CHANGE_TRIES PASS_ALWAYS_WARN 178 do 179 sed -i -e "s/^$FUNCTION/# &/" /etc/login.defs 180 done</userinput></screen> 181 182 </sect4> 183 184 <sect4> 185 <title>Configuring the /etc/pam.d/ Files</title> 186 187 <para>Add the following <application>Linux-PAM</application> configuration 188 files to <filename class="directory">/etc/pam.d/</filename> (or add them 189 to <filename>/etc/pam.conf</filename> with the additional field for 190 the program).</para> 191 192 </sect4> 140 193 141 194 <sect4> … … 267 320 <para>At this point, you should do a simple test to see if 268 321 <application>Shadow</application> is working as expected. Open 269 another term and log in as a user, then <command>su</command> to322 another terminal and log in as a user, then <command>su</command> to 270 323 <systemitem class="username">root</systemitem>. If you do not see any 271 324 errors, then all is well and you should proceed with the rest of the … … 274 327 fix the error, you should recompile <application>Shadow</application> 275 328 replacing <option>--with-libpam</option> with 276 <option>--without-libpam</option> in the above instructions. If you 329 <option>--without-libpam</option> in the above instructions (also move 330 the <filename>/etc/login.defs.orig</filename> backup file to 331 <filename>/etc/login.defs</filename>). If you 277 332 fail to do this and the errors remain, you will be unable to log into 278 333 your system.</para> … … 348 403 </sect4> 349 404 350 <sect4 id="pam-login-defs">351 <title>Configuring /etc/login.defs</title>352 353 <para>The <command>login</command> program currently performs many354 functions which <application>Linux-PAM</application> modules should355 now handle. The following command will comment out the appropriate356 lines in <filename>/etc/login.defs</filename>, and stop357 <command>login</command> from performing these functions:</para>358 359 <indexterm zone="shadow pam-login-defs">360 <primary sortas="e-etc-login.defs">/etc/login.defs</primary>361 </indexterm>362 363 <screen role="root"><userinput>for FUNCTION in LASTLOG_ENAB MAIL_CHECK_ENAB \364 PORTTIME_CHECKS_ENAB CONSOLE \365 MOTD_FILE NOLOGINS_FILE PASS_MIN_LEN \366 SU_WHEEL_ONLY MD5_CRYPT_ENAB \367 CONSOLE_GROUPS ENVIRON_FILE \368 ULIMIT ENV_TZ ENV_HZ ENV_SUPATH \369 ENV_PATH QMAIL_DIR MAIL_DIR MAIL_FILE \370 CHFN_AUTH FAILLOG_ENAB QUOTAS_ENAB FTMP_FILE371 do372 sed -i -e "s/^$FUNCTION/# &/" /etc/login.defs373 done</userinput></screen>374 375 <para>If you have <application>CrackLib</application> installed,376 also comment out four more lines using the following command:</para>377 378 <screen role="root"><userinput>for FUNCTION in OBSCURE_CHECKS_ENAB CRACKLIB_DICTPATH \379 PASS_CHANGE_TRIES PASS_ALWAYS_WARN380 do381 sed -i -e "s/^$FUNCTION/# &/" /etc/login.defs382 done</userinput></screen>383 384 </sect4>385 386 405 </sect3> 387 406
Note:
See TracChangeset
for help on using the changeset viewer.