[arch-general] shadow upgrade /pam configuration files

Arno Gaboury arnaud.gaboury at gmail.com
Mon Jul 2 11:26:51 EDT 2012

Dear list,

I messed up my box yesterday when upgrading shadow, and trying to 
understand and merge /etc/pam.d/login with login.pacnew.

I thought it was worth adding the four lines of login.pacnew to my 
actual login file. But in this case, I found myself with a box logging in one 
user, me, on two TTYs, asking for the password twice at the console login 
prompt; then when X started, all GUI apps took very long to display 
contents, and when I logged off/logged in, I could see I had two "last 
login on TTY" messages. So I reverted to my original /etc/pam.d/login. 
Now everything is OK, but I am wondering if not taking login.pacnew into 
account would leave my system unstable.

TY for help and hints, as PAM and shadow are both quite obscure to me 
when it comes to configuring them.
Below is my actual /etc/pam.d/login. Not sure it is well configured!

> #%PAM-1.0
> #root is NOT allowed to login
> auth        required        pam_securetty.so
> #check user is allowed to login
> auth        requisite    pam_nologin.so
> #auth                include     system-local-login
> #default auth settings
> #auth include system-auth
> auth        required        pam_unix.so shadow nullok
> auth        required        pam_tally.so onerr=succeed file=/var/log/faillog
> # use this to lockout accounts for 10 minutes after 3 failed attempts
> #auth        required       pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
> #account         include      system-local-login
> # include the default account settings
> #account   include     system-account
> #check access for user
> account        required   pam_access.so
> account        required         pam_time.so
> account        required         pam_unix.so
> #password    required    pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
> #password    required    pam_unix.so sha512 shadow use_authtok
> #session           include      system-local-login
> session        required        pam_unix.so
> #set default environment for user
> session        required       pam_env.so
> session        required        pam_motd.so
> session        required       pam_limits.so
> session        optional      pam_mail.so dir=/var/spool/mail standard
> session        optional       pam_lastlog.so
> session        optional       pam_loginuid.so
> -session    optional    pam_ck_connector.so nox11
> -session    optional    pam_systemd.so
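
An added example, not part of the original post: a small Python check for a merged /etc/pam.d/login that expands include lines and reports modules stacked more than once under the same type, plus lines that do not parse (such as a wrapped `file=` argument). That duplicate stacking is behind repeated prompts is an assumption, since the post does not show login.pacnew; `flatten`, `duplicates` and the `SAMPLE` contents are constructed for illustration.

```python
import re

# type, control (plain word or [value=action ...]), module or include target
LINE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def flatten(service, files, only_type=None, depth=0):
    """Expand include/substack lines; return (entries, errors)."""
    entries, errors = [], []
    text = files[service].replace("\\\n", " ")  # join backslash continuations
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            errors.append(f"{service}: unparseable line: {line!r}")
            continue
        mtype, control, target = m.groups()
        if only_type and mtype != only_type:     # an include pulls one type only
            continue
        if control in ("include", "substack"):
            if target not in files or depth >= 8:
                errors.append(f"{service}: cannot resolve {control} {target}")
                continue
            sub, sub_err = flatten(target, files, mtype, depth + 1)
            entries += sub
            errors += sub_err
        else:
            entries.append((mtype, target, service))
    return entries, errors

def duplicates(entries):
    """Map (type, module) -> files it came from, for modules stacked twice."""
    seen = {}
    for mtype, module, origin in entries:
        seen.setdefault((mtype, module), []).append(origin)
    return {k: v for k, v in seen.items() if len(v) > 1}

# Constructed sample (not the real Arch files): a hand-merged login that both
# includes a shared stack and lists the same modules itself.
SAMPLE = {"login": """#%PAM-1.0
auth include system-local-login
auth required pam_unix.so shadow nullok
auth required pam_tally.so onerr=succeed
file=/var/log/faillog
session include system-local-login
session optional pam_lastlog.so
""", "system-local-login": """auth required pam_unix.so
session optional pam_lastlog.so
"""}
```

To run it against a real system, build `files` from the directory, for example `{p.name: p.read_text() for p in pathlib.Path("/etc/pam.d").iterdir()}`, and call `flatten("login", files)`.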
