At last, an ng with some PAM threads! 8-)
I noticed someone recommend a couple of articles at
www.securityfocus.com for PAM; I'll check those out at some point. On
that topic, any other recommendations from people for decent PAM
documentation would be most welcome as all I've managed to find has been
rather none-too-great. It tends to be rather low-depth and leave a lot
of things* (like what, exactly, does use_authtok do?).
On that topic, still, and leading to my main reason for posting, the
best documentation I've found was "The Linux-PAM System Administrator's
Guide" and that mentioned nothing about 'pam_xauth.so'! I'd be very
interested in stuff written at a level for people to use in
setting/configuring a system.
Now ... I've been using kppp myself and entering the root password each
time. Following 'the recommended' way to give users access to kppp (a
linunx HOWTO IIRC), I've installed sudo. The problem I had was one of
"Xlib: connection to :0.0 refused by server". I tracked this down to the
"session optional /lib/security/pam_xauth.so" line. The symptoms are
cured by changing 'pam_xauth.so' with 'pam_permit.so'. As it's an
'optional' module, I reckon there's not really a security issue in using
pam_permit. kppp wasn't dying due to a failure in authentication, it
just wasn't able to get access to the console display.
My question(s): *is* there any problem/issue I might be leaving myself
open to doing this? What does pam_xauth do? Is there a 'better' (more
elegant/secure etc.) way to prevent the failure of this 'session'
Regards, Guy Maskall