
Re: Files in /etc/pam.d/



On Sun, May 02, 2004 at 02:23:02AM +0200, Wolfgang Pfeiffer wrote:
> On Sat, 2004-05-01 at 23:12, William Ballard wrote:
> > On Sat, May 01, 2004 at 11:04:41PM +0200, Wolfgang Pfeiffer wrote:
> > > Problem for me, as I said: no docs that I found so far on which file in
> > > /etc/pam.d is used by which service. Which currently renders the whole
> > > PAM system close to unusable for me ...
> > 
> > I don't know very much about how it works myself (except by casual 
> > observation and wild assed guesses -- I just leave it alone but I 
> > wondered about the change myself).
> > 
> > You can figure out what uses what by using dlocate -S to see the file 
> > that a package is in.
> 
> Thanks for pointing to it, but I think I was not very clear on what I
> meant with "no docs that I found so far on which file in /etc/pam.d is
> used by which service". With "service" I meant the apps that I run that
> check the files in /etc/pam.d when called. To know the package that the
> files in  /etc/pam.d are part of could be interesting, but knowing that
> doesn't probably help me much to understand why in one situation an app
> like passwd perhaps might be checking  /etc/pam.d/common-account and in
> another one /etc/pam.d/common-auth. (The latter just being examples).

passwd uses 'passwd'. su uses 'su'. console login is 'login'
dpkg -S should catch the rest - they're normally pretty obvious.
To know which apps use pam try 'ldd' to see if they list libpam.so

My memory of the PAM developer docs tells me that you just choose a
(preferably unique) service name. Use the source.

As mentioned in a previous post the 'common' files are used as included
files. pam_stack OTOH. Essentially call under a different PAM service
name and return (if appropriate). I imagine they are owned by libpam.

In theory this means you don't have to change 10+ files in pam.d every
time you make an auth change. You just add a call to common-auth etc.

> I found some docs in libpam-doc, but it seems they're rather dated and
> don't know anything about the files I mentioned in my first message. 

The file names are arbitrary. I think Red Hat uses the same though...

Brian
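
The relationship described in this message (a service file named after the service, pulling in the shared 'common' files) can be listed mechanically. The script below is an added example, not part of the original post: the function names are hypothetical, and it assumes the Debian `@include NAME` directive plus the Linux-PAM `include` / `substack` control keywords.

```shell
#!/bin/sh
# Added example: show which shared files each PAM service definition pulls in.
# Usage: sh pam-includes.sh /etc/pam.d

# _pam_walk DIR SERVICE VISITED -> print every file SERVICE includes, recursively.
# Positional parameters are used throughout because POSIX sh has no locals.
_pam_walk() {
    [ -r "$1/$2" ] || return 0
    case " $3 " in *" $2 "*) return 0 ;; esac    # stop on include loops
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 == "@include" { print $2; next }       # Debian-style directive
        $2 == "include" || $2 == "substack" { print $3 }
    ' "$1/$2" | while read -r inc; do
        printf '%s\n' "$inc"
        _pam_walk "$1" "$inc" "$3 $2"
    done
}

# pam_includes DIR SERVICE -> included file names, one per line, no duplicates
pam_includes() {
    _pam_walk "$1" "$2" "" | awk '!seen[$0]++'
}

# pam_report DIR -> one "service: includes..." line per file in DIR
pam_report() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s: %s\n' "${f##*/}" "$(pam_includes "$1" "${f##*/}" | tr '\n' ' ')"
    done
}

if [ $# -gt 0 ]; then
    pam_report "$1"
fi
```

A service with an empty list configures its modules directly, so a change made only in common-auth does not reach it.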


