>I do not have much experience with PAM, but in conversations with
>others relating to our Solaris servers (versions 2.6 thru 9), I'm under
>the impression that we are not using it.
You're probably using it under the covers from almost any
application you use that authenticates. Ssh is the only common
application that, depending on how you've got it configured, *might* not
be using PAM that I can think of offhand, we'll see what others say...
Quote:>In a recent audit of some of our files, we were cited with having some
>servers "less secure" than others simply by virtue of the entries
>within /etc/pam.conf. They do seem to differ, especially when
>comparing the 2.6 servers with more current versions (7 thru 9).
Sun changed the pam config files on all these version releases,
so they are supposed to be different.
Quote:>My questions become: "IF we are not using PAM, I would presume that we
>do not have a need to access the /etc/pam.conf file. That being said,
>do we even need it (i.e. can it be removed without serious
>ramifications)? How would one go about determining IF it is "actually"
cp /dev/null /etc/pam.conf, and you'll know pretty soon <g>...
DON'T REALLY DO THAT, or you'll be booting off CDs to recover
and booking flights to SC to find me and beat me up.
ls -lu /etc/pam.conf is a safer way to convince yourself
that something is looking at /etc/pam.conf on a pretty regular
man ftpd and man telnetd, for example, outline those daemons uses of pam.