PAM/RedHat: pop3 /etc/pam.d config

PAM/RedHat: pop3 /etc/pam.d config

Post by Jordan Ritt » Sat, 23 Aug 1997 04:00:00



Hello, folks.

I have one particular RedHat 4.1 system that I upgrade parts of, on
occasion. My most recent change to this system was the installation of the
PAM 0.57 and pwdb RPMs. Unfortunately, the pop3 and imap /etc/pam.d
configuration files were not installed with them.

Question 1:
Could someone please point me in the direction of an /etc/pam.d/pop3 config
file, or email me theirs? I made my own, but it does not work. I RTFM
for about 10 minutes, across various and sundry files, and I really didn't
catch on how to evaluate a specific service for what PAM modules it needs,
and what parameters should be passed to them.

Question 2:
Well then, how *does* one evaluate a service (old or new) for what PAM
modules it needs?

Thanks for your help. Please email replies to question 1.

--

Jordan Ritter
Systems Admin, Software Developer     Assistant Systems Administrator
Analytical Design Solutions, Inc.        Department of EECS, Vast Lab
Harrisburg, PA                       Lehigh University, Bethlehem, PA

                                *   *   *

 
 
 

1. redhat 6.1, PAM, and having to alter /etc/pam.d/kppp

At last, an ng with some PAM threads! 8-)

I noticed someone recommend a couple of articles at
www.securityfocus.com for PAM; I'll check those out at some point. On
that topic, any other recommendations from people for decent PAM
documentation would be most welcome as all I've managed to find has been
rather none-too-great. It tends to be rather low-depth and leave a lot
of things hanging (like what, exactly, does use_authtok do?).

On that topic, still, and leading to my main reason for posting, the
best documentation I've found was "The Linux-PAM System Administrator's
Guide" and that mentioned nothing about 'pam_xauth.so'! I'd be very
interested in stuff written at a level for people to use in
setting/configuring a system.

Now ... I've been using kppp myself and entering the root password each
time. Following 'the recommended' way to give users access to kppp (a
linunx HOWTO IIRC), I've installed sudo. The problem I had was one of
"Xlib: connection to :0.0 refused by server". I tracked this down to the
"session optional /lib/security/pam_xauth.so" line. The symptoms are
cured by changing 'pam_xauth.so' with 'pam_permit.so'. As it's an
'optional' module, I reckon there's not really a security issue in using
pam_permit. kppp wasn't dying due to a failure in authentication, it
just wasn't able to get access to the console display.

My question(s): *is* there any problem/issue I might be leaving myself
open to doing this? What does pam_xauth do? Is there a 'better' (more
elegant/secure etc.) way to prevent the failure of this 'session'
module?

Regards, Guy Maskall

2. Is this echo dead?

3. PAM (/etc/pam.conf).....Is It Needed?

4. Announce: NCSA HTTPd 1.5.1 Beta 2

5. ftp chroot jail dir & pam 1.0 /etc/pam.d/ftp file

6. Status of MCC?

7. PAM and /etc/pam.conf

8. who is using paging space .....

9. then it must be pam (not in /etc/login.defs, not in /etc/default/useradd)

10. POP3 with PAM & OPIE

11. PAM with POP3 and FTP

12. POP3 server with PAM ?

13. PAM and POP3 and FTP