[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Devel] Strange PAM configuration?
I just had a look at the PAM configuration we are using, and was
surprised by the different config used. I looked at
/etc/pam.d/su-skolelinux and /etc/pam.d/kde-skolelinux.
% egrep -v "#|^ *$" /etc/pam.d/kde > /tmp/kde-short
% egrep -v "#|^ *$" /etc/pam.d/su > /tmp/su-short
% diff -uw /tmp/su-short /tmp/kde-short
--- /tmp/su-short 2003-04-24 16:49:06.000000000 +0200
+++ /tmp/kde-short 2003-04-24 16:49:06.000000000 +0200
@@ -1,6 +1,8 @@
-auth sufficient pam_rootok.so
-auth sufficient pam_unix.so
+auth required pam_nologin.so
+auth required pam_env.so
+auth sufficient pam_unix.so shadow nullok
auth required pam_ldap.so use_first_pass
-account sufficient pam_unix.so
-account required pam_ldap.so
+account sufficient pam_ldap.so
+account required pam_unix.so
session required pam_unix.so
+password required pam_unix.so nullok obscure min=4 max=8 md5
Why is 'account pam_unix' sufficient for su, but required for kde?
Why is 'account pam_ldap' required for su, but sufficient for kde?
Anyone know what these should look like?
(the files are in cfengine-skolelinux)