# updating pam [solved]

## Bullet Dodger

I've been putting this off for a while - but pam needs updated.

Now maybe i've had to much to drink, but this howto isn't very clear.

Alot of it is the reason why pam has changed.

 *Quote:*   

> 
> 
> Note:  Don't be scared of this guide: if you installed your system after about September 2005, the upgrade path should be quite painless, and this guide will just be an interesting read to you. If your system is older, but you upgraded regularly, and didn't configure PAM manually, you should also be fine, as most of the configuration files would have been upgraded already for you. If you customised your PAM configuration, you will probably have to upgrade it manually, but then you should already know how to handle that.
> 
> 

 

I've never configured pam, so should be easy.

 *Quote:*   

> 
> 
> What users have to do for most of the cases is either to install a new package (because the module was migrated out of the main sys-libs/pam ebuild), or to change the configuration so that it does not use the modules that were dropped. If you made changes to the PAM service configuration files, you should be able to handle all the changes. For those who never changed a configuration file, there is only one change that needs to be done, documented in the pam_stack and the include directive section.
> 
> 

 

OK, i can jump to this part of the howto.

 *Quote:*   

> 
> 
> To convert an old configuration file that uses pam_stack into an updated one that works with the include directive, you just need to replace the lines as shown: 
> 
> Code Listing 1.2: Replace pam_stack usage with the include directive
> ...

 

OK i need to update some config file from the old style to the new. 

I need to update auth, account, password and session.

Are these config files? 

Where do i find em?

Wot?

CheersLast edited by Bullet Dodger on Mon May 26, 2008 10:28 pm; edited 1 time in total

----------

## Bullet Dodger

Ah, 

I think i might have it

/etc/pam.d

```

tux pam.d # ls

chage      cvs        imap4     other   rexec      su           xscreensaver

chfn       ftp        imap4s    passwd  rlogin     sudo         xserver

chgpasswd  groupadd   imaps     pop     rsh        system-auth

chpasswd   groupdel   kde       pop3    saslauthd  useradd

chsh       groupmems  kde-np    pop3s   screen     userdel

cron       groupmod   login     pops    shadow     usermod

cups       imap       newusers  ppp     sshd       xdm

```

There is no auth, account and session, but there is a passwd.

```

tux pam.d # cat passwd 

#%PAM-1.0

auth       include      system-auth

account    include      system-auth

password   include      system-auth

tux pam.d # cat passwd 

#%PAM-1.0

auth       include      system-auth

account    include      system-auth

password   include      system-auth

```

Humm... Already in the new style ?!?

----------

## bunder

 *Bullet Dodger wrote:*   

> There is no auth, account and session, but there is a passwd.

 

nope, try each of those files in /etc/pam.d/ to see if they are using the old style.

cheers

----------

## tarpman

If you've never customized your PAM configuration, you should be ok after simply running etc-update (or whatever utility you use to update configuration files).  The HOWTO is mostly there to help people who have made changes to their configuration files that won't work in the new version.

----------

## Bullet Dodger

Yep, I've got it now.

The auth, account and session refer to the lines in the config files in /etc/pam.d

There were 2 using in the old style config lines.

Changed them and now pam.d has compiled.

Cheers

----------

## cazort

Call me stupid, but I don't think it's crystal clear exactly how to do the changes.  I have been reading the following page:

For example, my /etc/pam.d/imap file says:

```

auth       required     pam_nologin.so

auth       required     pam_stack.so service=system-auth

account    required     pam_stack.so service=system-auth

session    required     pam_stack.so service=system-auth

```

Should this be changed to:

```

auth    required     pam_nologin.so

auth    include      system-auth

account    include      system-auth

session    include      system-auth

```

I think the guide is written for the level of an expert user.  I'm not an expert.  I don't understand it!  I am not willing to do guesswork that could potentially break my system!

EDIT: I looked at a different box of mine that had the files up-to-date and saw that they indeed had this format.  But the whole process took really long and was annoying and unnecessary.  I don't even ever change anything in the PAM settings...why couldn't it just update the configuration files automatically?  This is irritating and is starting to make me think I should go for a PAM-less system.  PAM always seems to be a headache and I fail to understand what I'm gaining by using it.

----------

## Bullet Dodger

I will call u stupid (only joking)

I also didn't think it was crystal clear until I had that a-ha moment - the point at which u say "why didn't I c that b4"

And I hadn't modified PAM or know of the alteratives. But hey, u take the good wid the bad wid any distro. 

Gentoo gives u the flexability and also the ability to learn the internals of Linux. 

It also MAKES u learn the internals of Linux. 

U choose the distro that best draws the line between ease of use and configerability that suits u. 

Its just the price u pay.

----------

