hscast at charter.net
Fri Oct 3 12:54:01 PDT 2008
Dan Nicholson wrote:
> On Fri, Oct 3, 2008 at 11:58 AM, Scott Castaline <hscast at charter.net> wrote:
>> Started installing some security packages onto my LFS-6.3 base system.
>> Installed the following in the order listed:
>> linux-pam-0.99.10.0 (created /etc/pam.conf as shown in blfs-6.3 book
>> under config info for this pkge)
>> shadow-126.96.36.199 (reinstall as required.)
>> I did not finish making the configuration of shadow when I accidently
>> logged out. Now I can't login as either root or regular user. I'll enter
>> the login and it'll just sit there never asking for password before
>> finally stating Login incorrect. How do I fix this? Can I boot using the
>> LiveCD add in the scripts and be able to boot again from my system?
>> Also, which way should I go, using /etc/pam.conf configs or directory
>> based security using /etc/pam.d/<files>?
> Yeah, you'll need to use a LiveCD or some other way to get to the pam
> configuration. I'd suggest using /etc/pam.d/login and getting rid of
> pam.conf (it would just get real bloated over time). There should be
> nothing wrong with the BLFS suggested login configuration, but in case
> you just can't get it working, this should at least work temporarily:
> cat > /etc/pam.d/log << "EOF"
> auth required pam_unix.so nullok
> account required pam_unix.so
> session required pam_unix.so
> password required pam_cracklib.so retry=3
> password required pam_unix.so nullok md5 shadow use_authtok
> Realize that that's very permissive, so you'll want to get a more
> secure configuration once you're up and running again.
Thanks Dan, I'll give that a try. Any config suggestions or material
that could be useful in helping me. I'm not a programmer type as per se
and this is an area (security) that I want to learn more about.
More information about the blfs-support