ALT Linux users (in English only)
From: Alexander Bokovoy <>
To: "ALT Linux users (in English only)" <>
Subject: Re: [Comm-en] PAM with ALT Linux
Date: Fri, 09 Nov 2007 22:07:52 +0300
Message-ID: <>
In-Reply-To: <>

Dmitry V. Levin wrote:
> Hi,
> On Fri, Nov 09, 2007 at 02:56:02PM +0100, Daniel Rocher wrote:
>> I'm a developer and I have a problem with ALT Linux and PAM 
>> (authentication).
>> My program uses PAM. This is the PAM configuration file:
>> auth            required nullok
>> auth            required 
>> file=/etc/qtsmbstatusd/qtsmbstatusd.users onerr=fail sense=allow item=user
>> account         required
>> session         required
>> password        required
>> It works very well with: Ubuntu, Mandriva, Fedora Core 6, Open Suse 10.2 ...
>> And I don't understand why not with Alt Linux (installed with 
>> lite-cd-20071106.iso) ?
>> Have you an idea?
> Could you provide more details how it doesn't work, please?
> Where it fails, how it fails, credentials of process which fails,
> log message (in /var/log/auth/all) if any, etc.
Shouldn't it be related to TCB? This PAM config completely ignores the
fact that auth info in default ALT Linux installation is done through
TCB, therefore pam_tcb should be used instead of pam_unix. Below is our
system-auth-local which is included by default by other services:

auth     required shadow fork prefix=$2a$ count=8 nullok
account  required shadow fork
password required min=disabled,24,12,8,7 max=40 
passphrase=3 match=4 similar=deny random=42 enforce=users retry=3
password required use_authtok shadow fork prefix=$2a$ 
count=8 nullok write_to=tcb
session  required
session  required
session  required

Daniel, you'd probably need to supply an ALTLinux-customized PAM config 
for your application made along these lines. Better, use the following 
(not tested):

auth     include        system-auth
auth     required 
file=/etc/qtsmbstatusd/qtsmbstatusd.users onerr=fail sense=allow item=user
account  include        system-auth
password include        system-auth
session  include        system-auth

It relies on the fact that we have system-wide 'system-auth' PAM config 
which does common magic (like system-auth-local above).
/ Alexander Bokovoy
Samba Team            
ALT Linux Team        
Midgard Project Ry    
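
An added example, not part of the original message or of any ALT Linux package: a small Python audit that parses a pam.d service file and reports, per PAM type, whether it hard-codes pam_unix or delegates to system-auth as suggested above. The names parse_pam and audit are hypothetical, both sample configs are constructed, and pam_listfile.so is an assumption for the module whose name the archive dropped.

```python
import re

TYPES = {"auth", "account", "password", "session"}
# pam_unix is the module the thread names as wrong for a TCB-backed system.
HARDCODED_BACKENDS = {"pam_unix.so"}
RANK = {"other": 0, "delegated": 1, "hardcoded": 2}

def parse_pam(text):
    """Return (type, control, module, args) tuples from a pam.d service file."""
    rules = []
    joined = text.replace("\\\n", " ")          # backslash-newline continues a rule
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        # A bracketed control like [success=1 default=ignore] is a single field.
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if m and m.group(1) in TYPES:
            ptype, control, module, args = m.groups()
            rules.append((ptype, control, module.rsplit("/", 1)[-1], args.split()))
    return rules

def audit(text, common="system-auth"):
    """Map each PAM type to 'hardcoded', 'delegated' or 'other' (worst case wins)."""
    status = {}
    for ptype, control, module, _ in parse_pam(text):
        kind = ("hardcoded" if module in HARDCODED_BACKENDS
                else "delegated" if control in ("include", "substack") and module == common
                else "other")
        status[ptype] = max(status.get(ptype, "other"), kind, key=RANK.get)
    return status

# Constructed sample: a portable config that talks to pam_unix directly.
PORTABLE = """\
auth      required  pam_unix.so nullok
auth      required  pam_listfile.so file=/etc/qtsmbstatusd/qtsmbstatusd.users onerr=fail sense=allow item=user
account   required  pam_unix.so
session   required  pam_unix.so
password  required  pam_unix.so
"""
# Constructed sample following the layout suggested in the message.
DELEGATED = """\
auth      include   system-auth
auth      required  pam_listfile.so file=/etc/qtsmbstatusd/qtsmbstatusd.users \\
                    onerr=fail sense=allow item=user
account   include   system-auth
password  include   system-auth
session   include   system-auth
"""

if __name__ == "__main__":
    print(audit(PORTABLE), audit(DELEGATED))
```
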

Thread overview: 8+ messages
2007-11-09 13:56 Daniel Rocher
2007-11-09 17:23 ` Dmitry V. Levin
2007-11-09 19:07   ` Alexander Bokovoy [this message]
2007-11-09 20:21     ` Daniel Rocher
2007-11-09 21:04       ` Michael Shigorin
2007-11-09 21:30         ` [Comm-en] Help Unsubbing Rachel Ramey
2007-11-09 22:01         ` [Comm-en] PAM with ALT Linux Daniel Rocher
2007-11-09 19:58   ` Daniel Rocher
