# Pam query

## trossachs

My World updates thus far have been thankfully without 'incident'; however, I have come down to the last few Pam updates and I would like some advice before proceeding further.

I am advised of the following changes which I assume should be allowed through given that the new version of Pam has been installed, but I would just like to query this first:

```
--- /etc/pam.d/login    2007-04-20 00:54:26.000000000 +0000

+++ /etc/pam.d/._cfg0000_login  2007-12-09 19:15:35.000000000 +0000

@@ -1,10 +1,10 @@

 #%PAM-1.0

 auth       required    pam_securetty.so

-auth       include     system-auth

 auth       required    pam_tally.so file=/var/log/faillog onerr=succeed no_magic_root

 auth       required    pam_shells.so

 auth       required    pam_nologin.so

+auth       include     system-auth

 account    required    pam_access.so

 account    include     system-auth

@@ -12,7 +12,6 @@

 password   include     system-auth

-session    include     system-auth

 session    required    pam_env.so

 session    optional    pam_lastlog.so

 session    optional    pam_motd.so motd=/etc/motd

@@ -22,3 +21,5 @@

 # and read carefully README.pam_console in /usr/share/doc/pam*

 #session    optional   pam_console.so

+session    include     system-auth

+

>> (1 of 3) -- /etc/pam.d/login

>> q quit, h help, n next, e edit-new, z zap-new, u use-new

   m merge, t toggle-merge, l look-merge:

```
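
Review bot: in the first hunk, keep the new position of `auth include system-auth` below pam_tally.so, pam_shells.so and pam_nologin.so rather than zapping it. The system-auth file shown further down this page marks `pam_unix.so` as `sufficient` in its auth stack, and with `include` a sufficient success ends auth processing, so in the old order a correct password returned before the tally, shell and nologin checks were consulted. After accepting the change, keep a root shell open and confirm from a second console that a non-root login is refused while /etc/nologin exists.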

Have had 'Pam' issues in the past so would just like to query this!   :Very Happy: 

----------

## bunder

looks okay to me.  if you were using ldap, it would strip out all that stuff, but you appear to be using just plain pam, so go for it.   :Wink: 

cheers

----------

## trossachs

Thanks for your prompt reply, bunder. One last one for you mate:

```
--- /etc/pam.d/system-auth      2007-04-20 00:54:20.000000000 +0000

+++ /etc/pam.d/._cfg0000_system-auth    2007-12-09 19:14:08.000000000 +0000

@@ -1,13 +1,13 @@

 #%PAM-1.0

 auth       required    pam_env.so

-auth       sufficient  pam_unix.so likeauth nullok

+auth       sufficient  pam_unix.so try_first_pass likeauth nullok

 auth       required    pam_deny.so

 account    required    pam_unix.so

-password   required    pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3

-password   sufficient  pam_unix.so nullok md5 shadow use_authtok

+password   required    pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3

+password   sufficient  pam_unix.so try_first_pass use_authtok nullok md5 shadow

 password   required    pam_deny.so

 session    required    pam_limits.so

>> (3 of 3) -- /etc/pam.d/system-auth

>> q quit, h help, n next, e edit-new, z zap-new, u use-new

   m merge, t toggle-merge, l look-merge:
```
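
Review bot: `nullok` is carried onto both new pam_unix.so lines (auth and password), so any account with an empty password field can still authenticate through every service that includes system-auth; drop it from the merged file unless passwordless accounts are intended. The password line also keeps `md5`, a weak choice for stored password hashes, so check whether the installed pam_unix offers a stronger hashing option before settling on it. The added `try_first_pass` options only reuse a password already entered earlier in the stack and do not loosen the checks.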

----------

## trossachs

Forgot to ask: in your original post bunder, which line refers to ldap? Pam is still an anathema to me and ldap is something which I may well be implementing in future.   :Wink: 

----------

## bunder

yeah, that config update is fine too.

if you had ldap, you'd have lines referring to pam_ldap.so...   :Wink: 

edit: and don't forget to restart your daemons that use pam!   :Wink: 

----------

## trossachs

No worries, thanks bunder. Whilst we're here, I've just posted a thread in the 'Off the Wall' forum asking the question how people would feel about using their server as a backup for others. For example, if port 80 went down, would you be prepared to allow someone to divert their traffic to your box whilst their machine was down?

Obviously, they would have to continuously update their DocumentRoot with your machine to keep everything current. Have you any experience with this?

----------

