* Updated PAM configuration file citadel.pam for Red Hat 7.x.

diff --git a/citadel/ChangeLog b/citadel/ChangeLog
index 7431ad098f5a8dcb761b4b08710005b3379b43b3..329542eac6b742cfafe4e142ad5dd38a279bf47d 100644 (file)
--- a/citadel/ChangeLog
+++ b/citadel/ChangeLog
@@ -1,4 +1,7 @@
  $Log$
+ Revision 580.41  2001/09/09 16:19:29  error
+ * Updated PAM configuration file citadel.pam for Red Hat 7.x.
+
  Revision 580.40  2001/09/09 03:19:38  ajc
  * cdb_cull_logs() now removes log files as soon as the log_archive() function
    says it's ok to do so.
@@ -2738,4 +2741,3 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant <bryant@cs.usm.maine.edu>
 
 Fri Jul 10 1998 Art Cancro <ajc@uncensored.citadel.org>
        * Initial CVS import 
-

diff --git a/citadel/citadel.pam b/citadel/citadel.pam
index 02afd5e5be78b614f5f34e888a0745b958bd9bf6..0e4bdcab982cef8db6fb74cc2931576cd069fcbb 100644 (file)
--- a/citadel/citadel.pam
+++ b/citadel/citadel.pam
@@ -5,6 +5,15 @@
 # $Id$
 #
 auth       required    /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
-auth       required    /lib/security/pam_pwdb.so shadow
-auth       required    /lib/security/pam_shells.so
-account    required    /lib/security/pam_pwdb.so
+# Uncomment to use /etc/nologin
+#auth       required     /lib/security/pam_nologin.so
+auth       required     /lib/security/pam_stack.so service=system-auth
+account    required     /lib/security/pam_stack.so service=system-auth
+session    required     /lib/security/pam_stack.so service=system-auth
+
+
+# This file previously looked like this (see techdoc/PAM.txt):
+#auth       required   /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+#auth       required   /lib/security/pam_pwdb.so shadow
+#auth       required   /lib/security/pam_shells.so
+#account    required   /lib/security/pam_pwdb.so

diff --git a/citadel/techdoc/PAM.txt b/citadel/techdoc/PAM.txt
index e296ddb4edf2db6c40829ab06af2ca5cb3338ee3..35f18809e35d5402b2a30e576a9e02f88d0e321a 100644 (file)
--- a/citadel/techdoc/PAM.txt
+++ b/citadel/techdoc/PAM.txt
@@ -1,4 +1,10 @@
-
+        The citadel.pam configuration file has been updated for Red Hat 7.1.
+If you have such a system, it should Just Work; if you don't, you're going to
+have to tweak it, preferably BEFORE you do a make install.  See below.  Even
+if you have Red Hat 7.1, you should look at the file anyway and understand how
+it affects your system security.  The original PAM.txt is included below:
+ 
+ 
        Citadel/UX 5.53 and later include support for Pluggable Authentication
 Modules (PAM.) However, we don't recommend enabling this feature (./configure
 --with-pam) unless you understand exactly how it will affect your system's
@@ -6,17 +12,17 @@ security. Specifically, the system administrator must supply a configuration
 for every authentication service which uses PAM. We have automated this process
 for Linux by supplying a file which is placed in /etc/pam.d during the
 installation process, but not on other systems, for 2 reasons:
-
+ 
        1) Other systems don't have /etc/pam.d; instead they use one big
 configuration file, usually /etc/pam.conf. It's not quite as trivial to
 automatically modify this file in a safe and secure fashion.
-
+ 
        2) Other systems have a different set of available authentication
 modules; they are likely to lack all three of the ones we use in the Linux
 configuration. We don't have enough information about the features of the
 authentication modules on other platforms to be able to provide secure
 configurations.
-
+ 
        That said, the configuration we've provided should work on at least
 Red Hat Linux 4.2-5.2, (although we don't recommend building Citadel/UX on Red
 Hat 4.x due to libc thread-safety issues) and if you understand PAM