r5781 - in trunk/BOOK: . introduction/welcome postlfs/security

Dan Nicholson dbn.lists at gmail.com
Fri Mar 31 08:58:31 PST 2006


On 3/31/06, Randy McMurchy <randy at linuxfromscratch.org> wrote:
>
> My understanding is that we comment out those lines in the login.defs
> file because we no longer want Shadow (login program) to handle these
> chores, instead, Linux-PAM does it.

Yeah, that's what happens.  It's just a matter of opinion, but I think
it's annoying that shadow complains about these variable being
undefined in login.defs.  I would prefer if they were just ignored. 
The reason they aren't ignored is because they truly are undefined
parameters in the source if PAM is installed.

Here's a snippet of lib/getdef.c:

static struct itemdef def_table[] = {
...
#ifndef USE_PAM
        {"CHFN_AUTH", NULL},
        {"CHSH_AUTH", NULL},
        {"CRACKLIB_DICTPATH", NULL},
        {"ENV_HZ", NULL},
        {"ENV_TZ", NULL},
...

However, if you remove the #ifndef USE_PAM and the corresponding
#endif, those parameters will be defined.  They won't do anything
because the tasks where they'd be used are handled by PAM, but now the
login.defs file doesn't have to be changed drastically.

It's not important.  The instructions work.

--
Dan



More information about the blfs-book mailing list