Login Security

Scott Castaline hscast at charter.net
Fri Oct 3 12:54:01 PDT 2008


Dan Nicholson wrote:
> On Fri, Oct 3, 2008 at 11:58 AM, Scott Castaline <hscast at charter.net> wrote:
>> Started installing some security packages onto my LFS-6.3 base system.
>> Installed the following in the order listed:
>>
>> libgpg-error-1.5
>> tetex-3.0
>> libgcrypt-1.2.4
>> gnutls-1.6.3
>> cracklib-2.8.12
>> linux-pam-0.99.10.0 (created /etc/pam.conf as shown in blfs-6.3 book
>> under config info for this pkge)
>> shadow-4.0.18.1 (reinstall as required.)
>>
>> I did not finish making the configuration of shadow when I accidently
>> logged out. Now I can't login as either root or regular user. I'll enter
>> the login and it'll just sit there never asking for password before
>> finally stating Login incorrect. How do I fix this? Can I boot using the
>> LiveCD add in the scripts and be able to boot again from my system?
>> Also, which way should I go, using /etc/pam.conf configs or directory
>> based security using /etc/pam.d/<files>?
> 
> Yeah, you'll need to use a LiveCD or some other way to get to the pam
> configuration. I'd suggest using /etc/pam.d/login and getting rid of
> pam.conf (it would just get real bloated over time). There should be
> nothing wrong with the BLFS suggested login configuration, but in case
> you just can't get it working, this should at least work temporarily:
> 
> cat > /etc/pam.d/log << "EOF"
> auth      required     pam_unix.so nullok
> account   required     pam_unix.so
> session   required     pam_unix.so
> password  required     pam_cracklib.so retry=3
> password  required     pam_unix.so nullok md5 shadow use_authtok
> EOF
> 
> Realize that that's very permissive, so you'll want to get a more
> secure configuration once you're up and running again.
> 
> --
> Dan
Thanks Dan, I'll give that a try. Any config suggestions or material 
that could be useful in helping me. I'm not a programmer type as per se 
and this is an area (security) that I want to learn more about.



More information about the blfs-support mailing list