[arch-general] shadow upgrade /pam configuration files

Tom Gundersen teg at jklm.no
Mon Jul 2 12:47:03 EDT 2012

Leaving the old file in place should work. Also replacing it with the new
one should work. I guess you did something in between?
On Jul 2, 2012 5:27 PM, "Arno Gaboury" <arnaud.gaboury at gmail.com> wrote:

> Dear list,
> I messed up my box yesterday when upgrading shadow, and trying to
> understand and merge /etc/pam.d/login with login.pacnew.
> I thought it was worth adding the four lines of login.pacnew to my actual
> login file. But in this case, I found myself with a box login one user, me,
> on two Tty, asking for the password twice at the console login prompt, then
> when X started, all GUI apps were very long to diplay contents, and when I
> loged off/loged in, I could see I had two last login  on Tty messages . So
> I reverted to my original /etc/pam.d/login. Now everything is OK, but I am
> wondering if this denial of taling into account the login.pacnew would
> leave my system unstable.
> TY for help and hints, as PAM and shadow are both quite obscure to me when
> it comes to configure.
> Below is my actual /ect/pam.d/login . Not sure it is well configured !
>  #%PAM-1.0
>> #root is NOT allowed to login
>> auth        required        pam_securetty.so
>> #check user is allowed to login
>> auth        requisite    pam_nologin.so
>> #auth                include     system-local-login
>> #default aut settings
>> #auth include system-auth
>> auth        required        pam_unix.so shadow nullok
>> auth        required        pam_tally.so onerr=succeed
>> file=/var/log/faillog
>> # use this to lockout accounts for 10 minutes after 3 failed attempts
>> #auth        required       pam_tally.so deny=2 unlock_time=600
>> onerr=succeed file=/var/log/faillog
>> #account         include      system-local-login
>> # include the default account settings
>> #account   include     system-account
>> #check access for user
>> account        required   pam_access.so
>> account        required         pam_time.so
>> account        required         pam_unix.so
>> #password    required    pam_cracklib.so difok=2 minlen=8 dcredit=2
>> ocredit=2 retry=3
>> #password    required    pam_unix.so sha512 shadow use_authtok
>> #session           include      system-local-login
>> session        required        pam_unix.so
>> #set default environment for user
>> session        required       pam_env.so
>> session        required        pam_motd.so
>> session        required       pam_limits.so
>> session        optional      pam_mail.so dir=/var/spool/mail standard
>> session        optional       pam_lastlog.so
>> session        optional       pam_loginuid.so
>> -session    optional    pam_ck_connector.so nox11
>> -session    optional    pam_systemd.so

More information about the arch-general mailing list