[Techtalk] running kppp when not logged in as root
MMP - Barb Fox
mmp_fox at bellsouth.net
Wed Aug 31 01:53:37 EST 2005
>The solution was a change to the file /etc/pam.d/kppp
>
>I first changed
> auth required /lib/security/pam_stack.so service=system-auth
>to
> auth sufficient /lib/security/pam_stack.so service=system-auth
>
>that did not work, but I left the change in anyway
>
>I then added
> auth sufficient /lib/security/pam_console.so
>to the file
>
>
>If someone knows what that second change did, please
>let me know.
There is also documentation usually in /usr/share/doc/pam-x.y.version.
Under there are usually a couple directories, one in html format, another
in text, that are README's explaining the use of the different pam facilities.
pam_console is used to CHANGE the permissions of the user over to root if
they execute that program on the console. Then when the program is done,
they are switched back to their normal user permissions. Kind of like an su
(switch user). There's another piece to the pam puzzle: many of these
shared libraries (.so files) look in config files to see how they should
behave. The config files are often in /etc/security.
The file you changed says "When you run kppp, use the following Pluggable
Authentication Modules..." Then each of those modules does something or
checks something.
- Barb Fox
More information about the Techtalk
mailing list