This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.

system-auth file - virtualmin modified?

5 posts / 0 new

Topic locked

Last post

#1 Wed, 04/15/2009 - 06:08

kato

system-auth file - virtualmin modified?

Hi, I got the following warnings during an update: [code:1]warning: /etc/yum.repos.d/CentOS-Base.repo created as /etc/yum.repos.d/CentOS-Base.repo.rpmnew warning: /etc/pam.d/system-auth created as /etc/pam.d/system-auth.rpmnew warning: /etc/modprobe.d/blacklist-firewire created as /etc/modprobe.d/blacklist-firewire.rpmnew warning: /etc/smartd.conf created as /etc/smartd.conf.rpmnew[/code:1]

Of particular note to me was the system-auth changes. I'm not really sure what the "pam_succeed_if.so uid >= 500 quiet" et al are for. Here's what the diff looks like... [code:1][root@server etc]# diff /etc/pam.d/system-auth /etc/pam.d/system-auth.rpmnew 5,6c5 < auth sufficient pam_unix.so nullok try_first_pass

< auth requisite pam_succeed_if.so uid >= 500 quiet

> auth sufficient pam_unix.so try_first_pass nullok 10,11d8 < account sufficient pam_succeed_if.so uid < 500 quiet < account required pam_permit.so 13,14c10,11 < password requisite pam_cracklib.so try_first_pass retry=3

< password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok

> password required pam_cracklib.so try_first_pass retry=3 > password sufficient pam_unix.so try_first_pass use_authtok nullok md5 shadow[/code:1]

Anyone know if it's okay for me to apply the new rpm? Are any of these settings related to virtualmin?

#2 Wed, 04/15/2009 - 09:38

Joe

None are related to Virtualmin.

I'm sure the CentOS/RHEL folks know what they're doing. At least, I hope so, since we're all trusting them. ;-)

--

Check out the forum guidelines!

#3 Wed, 04/15/2009 - 10:21 (Reply to #2)

ronald

I see this file too
can I just rename /etc/pam.d/system-auth to /etc/pam.d/system-auth.old
and
/etc/pam.d/system-auth.rpmnew to /etc/pam.d/system-auth ?

#4 Wed, 04/15/2009 - 11:03 (Reply to #3)

Joe

Yeah, that'd work. I'm not sure what it's intended to correct, but, again, I guess they know what they're doing.

--

Check out the forum guidelines!

#5 Wed, 04/15/2009 - 11:07 (Reply to #4)

Joe

Oh, but even though we trust the Red Hat folks, I <i>would</i> suggest testing logins after making the change before ending your root session (e.g. start up another ssh session and make sure you can login). I don't think system-auth has any impact on Webmin's logins, even if you're using PAM with Webmin, so you could probably fix any problems via Webmin...but better to be safe when talking about a remote server and PAM.

(For those having no idea what I'm talking about: PAM is the pluggable authentication modules system, which provides the mechanisms by with users are authenticated, or logged into, a Linux or UNIX system. If PAM is broken, logins will be broken. So, it <i>is</i> a potentially dangerous thing to tinker with.)

--

Check out the forum guidelines!

Topic locked