IMPORTANT NOTES ABOUT CONFIGURING PAM

This chapter provides an introductory look at PAM. Many examples are described and some usage tips are provided. Doubtless, however, many of you will have configuration ideas of your own. This section provides some simple, but important, notes about configuring PAM for your environment.

Table 5.16 Overview of PAM-Aware Applications

Application       Availability
chfn              Red Hat 5.2/6.0
chsh              Red Hat 5.2/6.0
ftp               Red Hat 5.2/6.0
imap              Red Hat 5.2/6.0
linuxconf         Red Hat 5.2/6.0
linuxconf-pair    Red Hat 5.2/6.0
login             Red Hat 5.2/6.0
mcserv            Red Hat 5.2/6.0
other             Red Hat 5.2/6.0
passwd            Red Hat 5.2/6.0
ppp               Red Hat 5.2/6.0
rexec             Red Hat 5.2/6.0
rlogin            Red Hat 5.2/6.0
rsh               Red Hat 5.2/6.0
samba             Red Hat 5.2/6.0
su                Red Hat 5.2/6.0
sudo*             Publicly Available
vlock             Red Hat 5.2/6.0
xdm               Red Hat 5.2/6.0
xlock             Red Hat 5.2/6.0


First, and foremost, always copy your existing, functioning /etc/pam.d configuration files before making any changes. It is entirely possible to lock out all users, including root, through PAM misconfiguration. By retaining working copies, you will always be able to boot into single-user mode (see A Note about LILO on page 22 in Chapter 3 for information about booting into single-user mode), correct the configuration, and bring the system back up.

Second, configure your /etc/pam.d directory with the permissions read/write/execute by root only, and configure its contents read/write by root only. No one else needs to read the contents of this directory. You may accomplish this with

         # chmod u=rwx,go= /etc/pam.d
         # cd /etc/pam.d
         # chmod u=rw,go= *
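
The first two notes as an added shell example (not from the book): pam_backup keeps a working copy before any edit, and pam_audit lists every entry that is not root-only. The function names, the optional owner argument and the backup path in the closing comment are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the book): back up a PAM directory, then list
# entries that are not root-only. Function names are hypothetical.

# pam_backup SRC DEST: copy SRC to DEST, preserving modes and owners.
# Refuses to overwrite an earlier backup so a known-good copy is never lost.
pam_backup() {
    if [ ! -d "$1" ]; then
        echo "pam_backup: no such directory: $1" >&2
        return 2
    fi
    if [ -e "$2" ]; then
        echo "pam_backup: refusing to overwrite $2" >&2
        return 1
    fi
    cp -Rp "$1" "$2"
}

# pam_audit DIR [OWNER]: print one finding per line and return 1 if any
# directory is not mode 0700, any file is not mode 0600, or any entry is
# not owned by OWNER (default root; the argument is an assumption that
# lets the check be rehearsed on a scratch copy as a non-root user).
pam_audit() {
    dir=$1
    owner=${2:-root}
    if [ ! -d "$dir" ]; then
        echo "pam_audit: no such directory: $dir" >&2
        return 2
    fi
    findings=$(
        find "$dir" -type d ! -perm 700 -exec echo dir-mode {} \;
        find "$dir" -type f ! -perm 600 -exec echo file-mode {} \;
        find "$dir" ! -user "$owner" -exec echo owner {} \;
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Typical use, as root (the backup path is an example):
#   pam_backup /etc/pam.d /root/pam.d.orig && pam_audit /etc/pam.d
```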

Third, test your configuration ideas in a safe, preferably nonproduction environment. Try as many possible variations as you can think of before going live. Remember, the order of PAM modules in a stack is significant. Different orders will produce different behavior. Normally you will want pam_pwdb last in the auth stack. Don't forget the control flag settings either. The use of different control flags will cause radically different behavior in many cases. The same holds true for any arguments associated with the different modules. Remember, different module types for the same PAM module will support different arguments.

Fourth, and last, Linux is publicly available software. So are the PAM modules. There aren't any exacting quality assurance programs before release and distribution. In fact, quite frequently, you are the quality assurance mechanism! In short, your success with PAM will vary depending upon the release you obtained, the version of Linux you are running, your hardware platform, and perhaps other factors. Use the resources in Appendix A and any other support mechanisms available to you.
