RedHat develops a set of external modules for use with Linux-PAM. This includes the pam_console module which can be used by some programs such as HAL and gnome-volume-manager. The purpose of pam_console is to indicate which user is active at the console and take appropriate actions. It does this by listing active users in the /var/run/console directory and assigning one to the console.lock file.

Package Information

Installation of pam_console

The module must be installed during the build of Linux-PAM. Before running configure, execute the following commands from the root of the Linux-PAM source tree to include the pam_console module.

tar -xf ../pam-redhat-0.99.5-1.tar.bz2 && 
sed -i 's,modules/Makefile,& modules/pam_console/Makefile,' \ && 
sed -i 's/SUBDIRS =/& pam_console/' modules/ && 
sed -i '/^permsd_DATA/d' modules/pam_console/ && 
autoreconf -v

Command Explanations

sed -i '/^permsd_DATA/d' modules/pam_console/ The default configuration for pam_console is to change device permissions for users when it is determined who is the console user. However, the BLFS system expects that users will be members of the groups that the relevant devices are part of. This makes the altering of device permissions unnecessary, so the installation of a configuration file is suppressed.

Configuring pam_console

As noted above, the altering of device permissions is unnecessary on a BLFS system. In this case, only the console locking actions are needed. Replace one of the pam_console configuration files to achieve this.

cat > /etc/security/console.handlers << "EOF"
# Begin /etc/security/console.handlers
console consoledevs tty[0-9][0-9]* vc/[0-9][0-9]* :[0-9]\.[0-9] :[0-9]

Note: See the Shadow page for configuring login to use the pam_console module. Also see the gdm page for configuring the Display Manager to use the pam_console module.


Last modified 16 years ago Last modified on 08/21/2006 09:25:43 PM
Note: See TracWiki for help on using the wiki.