Login Security

Dan Nicholson dbn.lists at gmail.com
Fri Oct 3 12:26:49 PDT 2008

On Fri, Oct 3, 2008 at 11:58 AM, Scott Castaline <hscast at charter.net> wrote:
> Started installing some security packages onto my LFS-6.3 base system.
> Installed the following in the order listed:
> libgpg-error-1.5
> tetex-3.0
> libgcrypt-1.2.4
> gnutls-1.6.3
> cracklib-2.8.12
> linux-pam- (created /etc/pam.conf as shown in blfs-6.3 book
> under config info for this pkge)
> shadow- (reinstall as required.)
> I did not finish making the configuration of shadow when I accidentally
> logged out. Now I can't login as either root or regular user. I'll enter
> the login and it'll just sit there never asking for password before
> finally stating Login incorrect. How do I fix this? Can I boot using the
> LiveCD add in the scripts and be able to boot again from my system?
> Also, which way should I go, using /etc/pam.conf configs or directory
> based security using /etc/pam.d/<files>?

Yeah, you'll need to use a LiveCD or some other way to get to the pam
configuration. I'd suggest using /etc/pam.d/login and getting rid of
pam.conf (it would just get real bloated over time). There should be
nothing wrong with the BLFS suggested login configuration, but in case
you just can't get it working, this should at least work temporarily:

cat > /etc/pam.d/login << "EOF"
# Temporary, permissive login stack
auth      required     pam_unix.so nullok
account   required     pam_unix.so
session   required     pam_unix.so
password  required     pam_cracklib.so retry=3
password  required     pam_unix.so nullok md5 shadow use_authtok
EOF

Realize that that's very permissive, so you'll want to get a more
secure configuration once you're up and running again.
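
Added example (not part of the original message or of the BLFS book): a shell check that reports the options that make the temporary configuration above permissive, and any of the four PAM types a service file lacks. The function name pam_audit and the wording of the findings are this example's own; the sample file is constructed from the configuration in the message.

```sh
#!/bin/sh
# Added example, not from the original post.
# pam_audit FILE: review one /etc/pam.d-style file (type control module [args]).
# Prints findings; returns 0 if none, 1 if any, 2 if the file cannot be read.
pam_audit() {
    findings=$(awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            type = $1; sub(/^-/, "", type)       # a leading "-" suppresses missing-module logs
            seen[type] = 1
            m = 3                                # module field; later if control is [...]
            if ($2 ~ /^\[/) { m = 2; while (m <= NF && $m !~ /\]$/) m++; m++ }
            if ($m !~ /pam_unix\.so$/) next
            for (i = m + 1; i <= NF; i++) {
                if ($i == "nullok")
                    printf "line %d: %s pam_unix.so has nullok (empty passwords accepted)\n", NR, type
                if ($i == "md5" && type == "password")
                    printf "line %d: password pam_unix.so has md5 (MD5-crypt hashes)\n", NR
            }
        }
        END {
            n = split("auth account session password", need, " ")
            for (i = 1; i <= n; i++)
                if (!(need[i] in seen)) printf "no %s lines in this file\n", need[i]
        }
    ' "$1") || return 2
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample: the temporary configuration from the message above.
sample=$(mktemp)
cat > "$sample" << "EOF"
auth      required     pam_unix.so nullok
account   required     pam_unix.so
session   required     pam_unix.so
password  required     pam_cracklib.so retry=3
password  required     pam_unix.so nullok md5 shadow use_authtok
EOF
pam_audit "$sample" || echo "review these before relying on this file long term"
rm -f "$sample"
```

From a LiveCD, point it at the file under wherever the installed system's root is mounted, for example pam_audit /mnt/lfs/etc/pam.d/login (the mount point is an assumption).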

