Installation of Linux PAM
If you downloaded the documentation, unpack the tarball by issuing
the following command.
tar -xf ../Linux-PAM-1.1.7-docs.tar.bz2 --strip-components=1
Install Linux PAM by running the
following commands:
./configure --prefix=/usr \
            --sysconfdir=/etc \
            --docdir=/usr/share/doc/Linux-PAM-1.1.7 \
            --disable-nis &&
make
To test the results, a configuration file must be created. This
file will be removed after the tests have completed. Ensure there
are no errors produced by the tests before continuing the
installation. First create the configuration file by issuing the
following commands as the root user:
install -v -m755 -d /etc/pam.d &&
cat > /etc/pam.d/other << "EOF"
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
EOF
Now run the tests by issuing make check.
Remove the configuration file created earlier by issuing the
following command as the root user:
rm -rfv /etc/pam.d
Now, as the root user:
make install &&
chmod -v 4755 /sbin/unix_chkpwd
Command Explanations
--disable-nis: This switch disables building of the Network
Information Service/Yellow Pages support in pam_unix and pam_access
modules. Remove it if you have installed libtirpc-0.2.3.
chmod -v 4755 /sbin/unix_chkpwd: The unix_chkpwd helper program must
be setuid so that non-root processes can access the shadow file.
Configuring Linux-PAM
Config Files
/etc/security/* and /etc/pam.d/*
Configuration Information
Configuration information is placed in /etc/pam.d/. Below is an
example file:
# Begin /etc/pam.d/other
auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so
password required pam_unix.so nullok
# End /etc/pam.d/other
The PAM man page (man pam) provides a good starting point for
descriptions of fields and allowable entries. The Linux-PAM System
Administrators' Guide is recommended for additional information.
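The test file created during installation makes every stack of the
fallback service "other" deny, while the example file above sends it to
pam_unix.so with nullok. The following shell function is an added
example, not part of the original page or of Linux-PAM; the name
pam_audit is hypothetical and the sample input is constructed from the
example file above. It reports both conditions in a pam.d file:

```shell
#!/bin/sh
# pam_audit FILE: print "FILE:LINE: finding" for entries worth reviewing.
# Hypothetical helper written for this page; not shipped with Linux-PAM.
pam_audit() {
    awk -v svc="$(basename "$1")" -v path="$1" '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        type = $1; sub(/^-/, "", type)      # "-type" only silences missing-module logs
        i = 2; control = $i
        if (control ~ /^\[/)                # bracketed control: [success=1 default=ignore]
            while (control !~ /\]$/ && i < NF) control = control " " $(++i)
        if (control == "include" || control == "substack") next
        module = $(i + 1)
        sub(/.*\//, "", module)             # drop any directory from the module path
        # nullok overrides the pam_unix default of refusing blank passwords.
        if (module == "pam_unix.so")
            for (j = i + 2; j <= NF; j++)
                if ($j == "nullok")
                    printf "%s:%d: %s pam_unix.so nullok permits empty passwords\n", path, NR, type
        # "other" is used for any service that has no file in /etc/pam.d.
        if (svc == "other" && module != "pam_deny.so" && module != "pam_warn.so")
            printf "%s:%d: fallback %s stack uses %s, not deny-by-default\n", path, NR, type, module
    }' "$1"
}

# Constructed sample: the example /etc/pam.d/other from this page.
demo_dir=$(mktemp -d)
cat > "$demo_dir/other" << "EOF"
# Begin /etc/pam.d/other
auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so
password required pam_unix.so nullok
# End /etc/pam.d/other
EOF
pam_audit "$demo_dir/other"
rm -r "$demo_dir"
```

On an installed system, run it as pam_audit /etc/pam.d/other, or loop over every file in /etc/pam.d.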
Refer to
http://debian.securedservers.com/kernel/pub/linux/libs/pam/modules.html
for a list of various third-party modules available.