$Log$
+ Revision 580.41 2001/09/09 16:19:29 error
+ * Updated PAM configuration file citadel.pam for Red Hat 7.x.
+
Revision 580.40 2001/09/09 03:19:38 ajc
* cdb_cull_logs() now removes log files as soon as the log_archive() function
says it's ok to do so.
Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
* Initial CVS import
-
# $Id$
#
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
-auth required /lib/security/pam_pwdb.so shadow
-auth required /lib/security/pam_shells.so
-account required /lib/security/pam_pwdb.so
+# Uncomment to use /etc/nologin
+#auth required /lib/security/pam_nologin.so
+auth required /lib/security/pam_stack.so service=system-auth
+account required /lib/security/pam_stack.so service=system-auth
+session required /lib/security/pam_stack.so service=system-auth
+
+
+# This file previously looked like this (see techdoc/PAM.txt):
+#auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+#auth required /lib/security/pam_pwdb.so shadow
+#auth required /lib/security/pam_shells.so
+#account required /lib/security/pam_pwdb.so
-
+ The citadel.pam configuration file has been updated for Red Hat 7.1.
+If you have such a system, it should Just Work; if you don't, you're going to
+have to tweak it, preferably BEFORE you do a make install. See below. Even
+if you have Red Hat 7.1, you should look at the file anyway and understand how
+it affects your system security. The original PAM.txt is included below:
+
+
Citadel/UX 5.53 and later include support for Pluggable Authentication
Modules (PAM.) However, we don't recommend enabling this feature (./configure
--with-pam) unless you understand exactly how it will affect your system's
for every authentication service which uses PAM. We have automated this process
for Linux by supplying a file which is placed in /etc/pam.d during the
installation process, but not on other systems, for 2 reasons:
-
+
1) Other systems don't have /etc/pam.d; instead they use one big
configuration file, usually /etc/pam.conf. It's not quite as trivial to
automatically modify this file in a safe and secure fashion.
-
+
2) Other systems have a different set of available authentication
modules; they are likely to lack all three of the ones we use in the Linux
configuration. We don't have enough information about the features of the
authentication modules on other platforms to be able to provide secure
configurations.
-
+
That said, the configuration we've provided should work on at least
Red Hat Linux 4.2-5.2, (although we don't recommend building Citadel/UX on Red
Hat 4.x due to libc thread-safety issues) and if you understand PAM