Very Computer

So, we upgraded to Solaris 2.6 (sparc) and installed the recommended
patches, etc.

in.ftpd (running out of inetd) continuously complains about
/etc/pam.conf.

If /etc/pam.conf is not writable by group (but readable by just root, or
root and group or everybody, or writable by root but not group,
whatever) then it spits out this message when someone quits:

May 23 14:28:57 rigel ftpd[26204]: open_pam_conf: stat(/etc/pam.conf)
failed: No such file or directory

And if /etc/pam.conf is mode 660 or 664 (writable by group) it sees
something different and spits out this message when someone logs in:

May 23 14:30:40 rigel ftpd[26320]: open_pam_conf: /etc/pam.conf writable
by group

but no message when someone quits.

Could someone share their experience with pam? Everything seems to work,
but these messages are annoying. Thanks. Best regards.

Mark Hedges

 > So, we upgraded to Solaris 2.6 (sparc) and installed the recommended
 > patches, etc.

 > in.ftpd (running out of inetd) continuously complains about
 > /etc/pam.conf.

 > If /etc/pam.conf is not writable by group (but readable by just root,
or
 > root and group or everybody, or writable by root but not group,
 > whatever) then it spits out this message when someone quits:

According to my research on just-installed Solaris 2.6 systems, the
permissions on /etc/pam.conf should be 644.

 > Could someone share their experience with pam? Everything seems to
work,
 > but these messages are annoying. Thanks. Best regards.

I don't understand pam or what its purpose is. My first experiences with
it were from RedHat Linux, where it suddenly appeared after an upgrade.
At the time, there was no documentation for it, period. I couldn't find
any on the system, on the CDROM, or even on the Web. Even with the
sparse documentation I've found now, I don't know what purpose it
serves.

Quote:>I don't understand pam or what its purpose is. My first experiences with
>it were from RedHat Linux, where it suddenly appeared after an upgrade.
>At the time, there was no documentation for it, period. I couldn't find
>any on the system, on the CDROM, or even on the Web. Even with the
>sparse documentation I've found now, I don't know what purpose it
>serves.

PAM is the pluggable authentication module and it attempts to resolve
this by allowing you to create dynamically loadable authentication
modules that implement your authentication scheme.

Now to do kerberos you can just create a PAM module that implements
kerberos and list it in the appropriate place in /etc/pam.conf to
arrange for programs to start using it without modifying the programs
themselves.

--
-- Frank Peters    Mississippi State University    Systems and Networks
-- fwp at net.msstate.edu    +1 (601) 325-0741   FAX: +1 (601) 325-8921

  http://hoth.stsci.edu/public/pam/ - pointer to Solaris PAM docs.

Regards,
V.
--
Vadim Kolontsov
Tver Internet Center NOC