Thoughts on PAM

Greg T Hill greghill at terranova.net
Sat Jun 17 04:12:55 PDT 2000


I can't even get PAM to compile, if I try to compile dynamic it errors out at the
pam_mkhomedir module, saying ld can't find -lpam. ?  If I try a static compile it
dies on pam_unix after a warning about implicit declaration of Fascist check.
If I try again saying no to 'have cracklib'  it dies saying it can't find -lnsl,
which was installed with glibc... I tried a glibc patch from Caldera, but got the
same results.  I also get reams of warnings about arithmetic pointer of type
"void  *" in /usr/include/bits/string2.h, which seems to be fairly common.
I have cracklib, libpwdb installed.  I also have tcp wrappers and libwrap,  but
I haven't configured anything using tcp wrappers, because I wanted to tie it in
with PAM.  I would really like to learn how to configure these, but not being
able to compile PAM has me stuck. A lot of older packages seem to be broken with
the newer glibc versions.  We might try the security and networking newsgroups
for help, I haven't been following any of the ng's since I started LFS  two
months ago.



"Eric A. Ayer" wrote:

> Hello all.
>
> I have been reading the documentation for PAM again (3rd time or so), and I
> think that I am beginning to understand it.  There was some talk a while ago
> about including it in LFS, and I've kind of been waiting for someone else to
> figure it out and implement it, but that someone else is just gonna have to be
> me.
>
> I think it would be a good addition to the project.  Basically, I have a
> machine on the 'net, and I gotta pay attention to security.  PAM is really
> complex, and so it is hard to understand, but it's also very configurable.
> Each application can be configured separately (each app that needs to
> authenticate a user), and the steps to determine whether to grant authentication
> can do a lot of things.  For example, ftp access may be granted to anonymous
> right away, skipping the rest of the chain, or it may continue, asking for a
> password, checking against forbidden users, checking where the login is from,
> etc.
>
> There is a new, and mostly undocumented, way to "program" the chain of auth
> steps to take any of multiple paths.  If one step fails, it could skip the
> next three, and continue from there.  In this way, auth becomes a program of
> sorts.
>
> In order to figure this out, I'm currently downloading redhell 6.2, which
> should have lots of PAM configuration examples, as well as support for my SCSI
> card (makes it possible to write lilo scripts to include the SCSI disk, as
> well as the IDE).  However, if anyone knows anything about PAM, I would
> greatly appreciate help in understanding it myself.  Like I say, the
> documentation is sparse and really hard to follow.
>
>                                         -Erik
>
> --
> Mail archive: http://www.pcrdallas.com/mail-archives/lfs-discuss
> IRC access: server: irc.linuxfromscratch.org port: 6667 channel: #LFS
> News Reader access: news.pcrdallas.com
> Unsubscribe: email lfs-discuss-request at linuxfromscratch.org and put
> "unsubscribe" (without the quotation marks) in the body of the message
> (no subject is required)
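
Added example (not part of either message, and not Linux-PAM's own code): a small Python model of how a PAM auth stack is walked, covering the ftp chain and the bracketed jump controls described in the quoted message. The two stacks are constructed samples, parse and evaluate are hypothetical helper names, and the model is simplified (the reset action and cached chains are not handled).

```python
import re

# Keyword controls and their bracket equivalents (abridged from Linux-PAM docs).
KEYWORDS = {
    "required":   {"success": "ok", "ignore": "ignore", "default": "bad"},
    "requisite":  {"success": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
    "optional":   {"success": "ok", "default": "ignore"},
}
LINE = re.compile(r"(\w+)\s+(\[[^\]]*\]|\w+)\s+(\S+)")
# Constructed sample stacks in /etc/pam.d/<service> format.
FTP = """
auth sufficient pam_ftp.so        # anonymous login ends the chain here
auth required   pam_unix.so       # otherwise check the password
auth required   pam_listfile.so item=user sense=deny file=/etc/ftpusers
"""
JUMP = """
auth [success=1 default=ignore] pam_unix.so   # on success skip one module
auth requisite pam_deny.so
auth required  pam_permit.so
"""

def parse(config, mgmt="auth"):
    stack = []  # [(actions, module)] for one management group, in file order
    for raw in config.splitlines():
        m = LINE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) == mgmt:
            ctl = m.group(2)
            actions = (dict(p.split("=", 1) for p in ctl[1:-1].split())
                       if ctl.startswith("[") else KEYWORDS[ctl])
            stack.append((actions, m.group(3)))
    return stack

def evaluate(config, results):
    """results maps module -> 'success', 'ignore' or an error name."""
    stack, ran, failed, granted, i = parse(config), [], False, False, 0
    while i < len(stack):
        actions, module = stack[i]
        ran.append(module)
        ret = results.get(module, "auth_err")   # unlisted modules fail
        action = actions.get(ret, actions.get("default", "bad"))
        i += 1
        if action.isdigit():                 # jump over the next N modules
            i += int(action)
        elif action in ("bad", "die"):
            failed = True
        elif action in ("ok", "done") and not failed:
            granted = True
        if action == "die" or (action == "done" and not failed):
            break
    return granted and not failed, ran
```

evaluate returns whether access is granted and the list of modules that were actually called, so the short-circuit and the jump are visible in the second value.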




More information about the lfs-dev mailing list