On Sun, May 02, 2004 at 02:23:02AM +0200, Wolfgang Pfeiffer wrote: > On Sat, 2004-05-01 at 23:12, William Ballard wrote: > > On Sat, May 01, 2004 at 11:04:41PM +0200, Wolfgang Pfeiffer wrote: > > > Problem for me, as I said: no docs that I found so far on which file in > > > /etc/pam.d is used by which service. Which currently renders the whole > > > PAM system close to unusable for me ... > > > > I don't know very much about how it works myself (except by casual > > observation and wild assed guesses -- I just leave it alone but I > > wondered about the change myself). > > > > You can figure out what uses what by using dlocate -S to see the file > > that a package is in. > > Thanks for pointing to it, but I think I was not very clear on what I > meant with "no docs that I found so far on which file in /etc/pam.d is > used by which service" With "service" I meant the apps that I run that > check the files in /etc/pam.d when called. To know the package that the > files in /etc/pam.d are part of could be interesting, but knowing that > doesn't probably help me much to understand why in one situation an app > like passwd perhaps might be checking /etc/pam.d/common-account and in > another one /etc/pam.d/common-auth. (The latter just being examples).
passwd uses 'passwd'. su uses 'su'. console login is 'login' dpkg -S should catch the rest - they're normally pretty obvious. To know which apps use pam try 'ldd' to see if they list libpam.so My memory of the PAM developer docs tells me that you just choose a (preferably unique)service name. Use the source. As mentioned in a previous post the 'common' files are used as included files. pam_stack OTOH. Essentially call under a different PAM service name and return (if appropriate). I imagine they are owned by libpam. In theory this means you don't have to change 10+ file in pam.d every time you make an auth change. You just add a call to common-auth etc. > I found some docs in libpam-doc, but it seems they're rather dated and > don't know anything about the files I mentioned in my first message. The file names are arbitary. I think Red Hat uses the same though... Brian -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
