[Techtalk] PAM questions: system-auth, common-*, winbind

Wim De Smet kromagg at gmail.com
Sat Apr 30 00:45:49 EST 2005


On 4/29/05, Carla Schroder <carla at bratgrrl.com> wrote:
> OK guruz, here's a chewy one for you. I am rassling with PAM and not winning.
> The problem is how different distributions configure it. Red Hat has a master
> PAM file called "system-auth", which I believe acts a global default.
> Correct?
> 
> Now we move to Debian. Is there something similar? I see files called
> 
> common-account
> common-auth
> common-password
> common-session
> 
> Do these also function as a global default?

kinda, they get included by most of the other services files.

> 
> The problem is configuring winbind modules for PAM. I really don't care for
> the idea of configurating every single flippin' service separately for users
> authenticated via winbind, I want a nice global pam config. you know, like in
> the good old days of /etc/pam.conf

Well I don't think it's that bad, given that the number of services
usually isn't very high, and it's a very flexible scheme. If you want
to know what services don't include common-auth:
grep '@include common-auth' * (in the pam.d dir)

> 
> And I dare you to find this documented anywhere that makes sense.
> 

This one I think:
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html is
very good. Also, debian has the libpam-doc package.

greets,
Wim


More information about the Techtalk mailing list