Installation of Linux PAM
If you downloaded the documentation, unpack the tarball by issuing
the following command.
tar -xf ../Linux-PAM-1.1.8-docs.tar.bz2 --strip-components=1
Install Linux PAM by running the
following commands:
./configure --prefix=/usr \
            --sysconfdir=/etc \
            --libdir=/usr/lib \
            --enable-securedir=/lib/security \
            --docdir=/usr/share/doc/Linux-PAM-1.1.8 &&
make
To test the results, a suitable /etc/pam.d/other
configuration file must exist.
Reinstallation or upgrade of Linux PAM
If you have a system with Linux PAM installed and working, be
careful when modifying the files in /etc/pam.d, since your system
may become totally unusable. If you want to run the tests, you do
not need to create another /etc/pam.d/other file. The installed one
can be used for that purpose.
You should also be aware that make install overwrites the
configuration files in /etc/security as well as /etc/environment.
In case you have modified those files, be sure to back them up.
For a first installation, create the configuration file by issuing
the following commands as the root user:
install -v -m755 -d /etc/pam.d &&
cat > /etc/pam.d/other << "EOF"
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
EOF
Now run the tests by issuing make check. Ensure there are no errors
produced by the tests before continuing the installation.
Only in case of a first installation, remove the configuration file
created earlier by issuing the following command as the root user:
rm -rfv /etc/pam.d
Now, as the root user:
make install &&
chmod -v 4755 /sbin/unix_chkpwd &&
for file in pam pam_misc pamc
do
  mv -v /usr/lib/lib${file}.so.* /lib &&
  ln -sfv ../../lib/$(readlink /usr/lib/lib${file}.so) /usr/lib/lib${file}.so
done
Command Explanations
--enable-securedir=/lib/security: This switch sets the install
location for the PAM modules.
chmod -v 4755 /sbin/unix_chkpwd: The unix_chkpwd helper program must
be setuid so that non-root processes can access the shadow file.
Configuring Linux-PAM
Config Files
/etc/security/* and /etc/pam.d/*
Configuration Information
Configuration information is placed in /etc/pam.d/. Below is an
example file:
# Begin /etc/pam.d/other
auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so
password required pam_unix.so nullok
# End /etc/pam.d/other
The PAM man page (man pam) provides a good starting point for
descriptions of fields and allowable entries. The Linux-PAM System
Administrators' Guide is recommended for additional information.
Refer to
http://debian.securedservers.com/kernel/pub/linux/libs/pam/modules.html
for a list of various third-party modules available.
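A check for the fallback file, added here as an example and not part
of the original page: the shell function below (audit_pam_other is a
name made up for this illustration) reads a file in the /etc/pam.d
format and reports any module type that has no rule, any rule that does
not use pam_deny.so, and any nullok argument. Of the two
/etc/pam.d/other files shown on this page, the pam_deny.so one passes
and the pam_unix.so one is flagged.

```shell
#!/bin/sh
# Added example; audit_pam_other is a name made up for this illustration.
# Usage: audit_pam_other /etc/pam.d/other
# Prints one finding per line. Returns 0 when all four module types are
# present and every rule uses pam_deny.so, 1 when there are findings,
# 2 when the file cannot be read.
audit_pam_other() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    awk '
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        {
            type = $1
            sub(/^-/, "", type)            # "-type" only silences load errors
            seen[type] = 1
            m = 3                          # field holding the module name
            if ($2 ~ /^\[/) {              # [value=action ...] control
                m = 2
                while (m <= NF && $m !~ /\]$/) m++
                m++
            }
            if ($m !~ /(^|\/)pam_deny\.so$/) {
                printf "%s: uses %s, not pam_deny.so\n", type, $m
                bad = 1
            }
            for (i = m + 1; i <= NF; i++)
                if ($i == "nullok") {
                    printf "%s: %s allows empty passwords (nullok)\n", type, $m
                    bad = 1
                }
        }
        END {
            n = split("auth account password session", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) {
                    printf "%s: no rule in this file\n", want[i]
                    bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}
```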