home *** CD-ROM | disk | FTP | other *** search
- PAM for DEBIAN
- --------------
-
- PAM (Pluggable Authentication Modules) provides system administrators with a
- powerful method of controlling system access and methods of authentication.
-
- The documentation for PAM is packaged in the "libpam-doc" package. The
- "Linux-PAM System Administrator's Guide" covers configuring PAM, what
- modules are available etc. The documentation also includes "The Linux-PAM
- Application Developers' Guide" and "The Linux-PAM Module Writers' Guide".
-
- The Debian default configuration is to emulate the old UNIX authentication.
-
- The Debian PAM packages live at svn://svn.debian.org/pkg-pam/. The
- current version is in the trunk directory; previous versions live in
- the tags directory.
-
- Changes Since Debian 3.0
- ------------------------
-
- The pam_securetty module used to prompt for a password when it was
- going to fail access. This Debian-specific patch defeats one of the
- key uses of this module: to deny access to privileged accounts soon
- enough in the PAM stack that the password is never requested and is
- not compromised over insecure network links. If you want to ask for
- the password use required not requisite in your PAM config.
-
- Previously, pam_rhosts allowed the .rhosts file to be a symlink. This
- was a debian specific change that has been dropped because it is not
- the upstream behavior nor is it the documented behavior of ruserok(3).
-
- Similarly, pam_listfile used to allow the user file to be a symlink.
- This is no longer allowed because upstream seems to be against the
- change. Please see discussion started by Sam Hartman on
- pam-list@redhat.com during the May 2002 time frame.
-
-
