[ale] sshd and PAM
Chris Ricker
kaboom at gatech.edu
Wed Nov 19 19:20:26 EST 2003
On Wed, 19 Nov 2003, Joe Bayes wrote:
>
> Hi folks,
>
> I have a couple questions.
>
> First, can anybody point me to some documentation on the pam_stack.so
> module? I've figured out that it was added to PAM by RedHat, but I
> can't seem to find out anything else about it.

The docs, such as they are, are
/usr/share/doc/pam-0.77/txts/README.pam_stack

Basically, it's a module which calls other pam configuration files so that
you can daisy-chain config files. If you have something like

/etc/pam.d/system-auth
----------------------
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so

and

/etc/pam.d/sshd
---------------
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so

Then the contents of the system-auth config file get substituted by
pam_stack, so your effective sshd config is:

auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required pam_nologin.so
password required pam_stack.so service=system-auth
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional pam_console.so

> Second, can anybody give me a clue as to why I can't ssh in to my box
> as non-root? Furthermore, why is it that commenting out the line:
>
> session required pam_stack.so service=system-auth
>
> in my /etc/pam.d/sshd fixes the problem?

If you post /etc/pam.d/system-auth in addition to the /etc/pam.d/sshd, then
we can piece them together and figure it out....

later,
chris
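
The substitution described in the message above, as an added example (not part of the original post, and not pam_stack's own code): it treats pam_stack.so as the textual include the post describes and flattens the sshd listing into the effective per-type stack. The names `flatten`, `CONFIGS` and `STACK_RE` are hypothetical; the file contents are the listings from the post.

```python
import re

# Listings copied from the post, held in a dict so the example runs offline.
CONFIGS = {
    "system-auth": """\
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
""",
    "sshd": """\
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so
""",
}

# <type> <control> [path/]pam_stack.so ... service=<name>
STACK_RE = re.compile(r"^(\S+)\s+\S+\s+(?:\S*/)?pam_stack\.so\s+.*?\bservice=(\S+)")


def flatten(service, configs, seen=()):
    """Return the lines of `service` with pam_stack.so references expanded."""
    if service in seen:
        raise ValueError("pam_stack loop: " + " -> ".join(seen + (service,)))
    out = []
    for line in configs[service].splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = STACK_RE.match(line)
        if not m:
            out.append(line)
            continue
        mod_type, target = m.groups()
        # Only lines of the same module type (auth, session, ...) are pulled in.
        pulled = [l for l in flatten(target, configs, seen + (service,))
                  if l.split()[0] == mod_type]
        # As in the post's listing, a reference that matches nothing stays as is.
        out.extend(pulled or [line])
    return out


if __name__ == "__main__":
    print("\n".join(flatten("sshd", CONFIGS)))
```

Run against the real /etc/pam.d files, the flattened session lines are the ones to read when a login breaks only while the session pam_stack line is enabled.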