Etc/pam.d/login is different - okay to replace with original?

Similar Messages

• [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

  ... results in
  2,21c2,7
  < auth required pam_securetty.so
  < auth requisite pam_nologin.so
  < auth required pam_unix.so nullok
  < auth required pam_tally.so onerr=succeed file=/var/log/faillog
  < # use this to lockout accounts for 10 minutes after 3 failed attempts
  < #auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
  < account required pam_access.so
  < account required pam_time.so
  < account required pam_unix.so
  < #password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
  < #password required pam_unix.so sha512 shadow use_authtok
  < session required pam_unix.so
  < session required pam_env.so
  < session required pam_motd.so
  < session required pam_limits.so
  < session optional pam_mail.so dir=/var/spool/mail standard
  < session optional pam_lastlog.so
  < session optional pam_loginuid.so
  < -session optional pam_ck_connector.so nox11
  < -session optional pam_systemd.so
  >
  > auth required pam_securetty.so
  > auth requisite pam_nologin.so
  > auth include system-local-login
  > account include system-local-login
  > session include system-local-login
  Is it safe to use new  /etc/pam.d/login?
  Last edited by student975 (2012-07-05 11:54:37)

  I assume that tomegun meant using the new one rather than booting with the old one. (The latter might also be fine - I've no idea.)
  I'm a bit confused about the role which /etc/pam.d/passwd is playing now. Should options I've added here be duplicated for the password lines in e.g. system-auth? Currently, I have this in passwd:
  password required pam_unix.so sha512 shadow nullok rounds=65536
  but since system-auth etc. seems to have its own password lines, I'm wondering if having this in passwd is now either pointless or at least insufficient.
  The default set up, if I understand it correctly, is not actually that different from the old one. The diff above is missing the additions:
  > auth include system-local-login
  > account include system-local-login
  > session include system-local-login
  I think this is invoking the stuff in /etc/pam.d/system-local-login which in turn calls system-login and system-auth, for example. If you compare the cumulative effect, I believe there are only minor differences which don't impact security e.g. to do with announcing the last login time or displaying message of the day.
  EDIT: So adding that stuff all back into login just duplicates stuff with maybe some very minor differences such as requiring message of the day etc.
  Last edited by cfr (2012-07-04 23:25:35)

• Linux: /etc/pam.d/system-auth config w/ Sun Directory Server 6.2

  I have a RHEL 4.3 WS system authenticating againd a Sun Directory Server 6.2 ldap server. I've configured my linux as an ldap client according to Redhat and Sun docs:
  http://kbase.redhat.com/faq/FAQ_79_6031.shtm
  http://www.sun.com/bigadmin/features/articles/nis_ldap_part3.jsp#P3
  My problem is with the /etc/pam.d/system-auth file. I've configured it according to the above sun doc but receive an error in /var/logs/ messages with this one line:
  account    [default=bad   success=ok user_unknown=ignore err=ignore
  authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.soThe error returned is:
  Mar  5 22:54:29 hostname sshd: PAM pam_parse: expecting return value;
  [...err=ignore authinfo_unavail=ignore]Login works fine if I comment that line, but I'd like to correct the error in that statement. Any help would be appreciated.
  Here is my entire /etc/pam.d/system-auth file:
  #%PAM-1.0
  # This file is auto-generated.
  # User changes will be destroyed the next time authconfig is run.
  auth        required      /lib/security/$ISA/pam_env.so
  auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth
  nullok
  auth        sufficient    /lib/security/$ISA/pam_ldap.so
  use_first_pass
  auth        required      /lib/security/$ISA/pam_deny.so
  account     required      /lib/security/$ISA/pam_unix.so
  account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid <
  100 quiet
  account    [default=bad   success=ok user_unknown=ignore err=ignore
  authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.so
  account    [default=bad   success=ok user_unknown=ignore err=ignore
  authinfo_unavail=ignore] /lib/security/$ISA/pam_ldap.so
  account     required      /lib/security/$ISA/pam_permit.so
  password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
  password    sufficient    /lib/security/$ISA/pam_unix.so nullok
  use_authtok md5 shadow nis remember=12
  password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
  password    sufficient    /lib/security/$ISA/pam_unix.so nullok
  use_authtok md5 shadow
  password    required      /lib/security/$ISA/pam_deny.so
  session     required      /lib/security/$ISA/pam_limits.so
  session     required      /lib/security/$ISA/pam_unix.soThanks.
  keywords:
  linux ldap sun directory server pam.d system-auth

  You do realize there is a decdicated Directory Server forum?
  It can be readily found on the Enterprise System forum page.
  http://forum.java.sun.com/index.jspa?tab=es

• How can I set up two iPhones with the same contact, photos, music etc... but a different sim card and phone number. They will both be my phones, but one will be for use in other countries.

  How can I set up two iPhones with the same contact, photos, music etc... but a different sim card and phone number. They will both be my phones, but one will be for use in other countries.

  Phone A = phone with information you want duplicated
  Phone B = phone that you want to copy from A
  Backup Phone A.
  Wipe Phone B using these instructions. What to do before selling or giving away your iPhone, iPad, or iPod touch - Apple Support
  Phone B should be on the 'Hello' screen. Do not swipe it. Launch iTunes. Plug in Phone B.
  When iTunes asks if you want to set up as new phone or restore from backup, choose restore from backup of Phone A.
  After this setup, any changes to one phone (i.e. adding a contact, downloading an app) will have to be manually duplicated on the second phone, if that is your desire). Making changes to one phone will not affect the other after setup.

• I want to buy my 2 children a iPad each, will they be able to share apps, music etc if they both have different accounts?

  I want to buy my 2 children a iPad each, will they be able to share apps, music etc if they both have different accounts?

  Only if you have one iTunes account on one computer and then they sync their iPad to that same computer. Make sure that each iPad is named different. And then each can share the same apps or not share as they wish.

• HT3819 My old computer is broken so bought new one.When logged into itunes had to reset password etc.Anyway once on all playlist were different and can't find original stuff.I thought I would just log on and it would be my playlists but not to be.Help ple

  My old computer is broken so bought new one.When logged into itunes had to reset password etc.Anyway once on, all playlists were different and can't find original stuff.I thought I would just log on and I would carry on as usual  but not to be.Help please.

  Donmcp wrote:
  I thought I would just log on and I would carry on as usual 
  Why would you think this?  That's an ignorant assumption to make.
  Your media is only where you put it.
  Either move it from the old computer or restore it from the backup of the old computer.

• How can I use firefox between windows 7 & windows XP on a network, where we are using Samba server. If a user logs on different workstation(and OS) with same account.

  we have a Linux fileserver with Samba share and have several users.
  The users tend to be in different locations and need to login at different workstations, sometimes the workstation may be WindowsXP and othertimes it is windows7.
  How can we use Firefox & Thunderbird in this situation.
  I find that Windows7 uses compressed files to store the location information.
  when a user logs on to win7 it creates a new account.

  we have a Linux fileserver with Samba share and have several users.
  The users tend to be in different locations and need to login at different workstations, sometimes the workstation may be WindowsXP and othertimes it is windows7.
  How can we use Firefox & Thunderbird in this situation.
  I find that Windows7 uses compressed files to store the location information.
  when a user logs on to win7 it creates a new account.

• I'm getting my "new iPad" on Friday.  I'm replacing my original iPad (iPad 1).  Since I will not be going to the Apple store to get my iPad, can someone walk me thru what I should do to set up my new iPad on Friday?  I want to transfer my iPad 1 apps etc.

  I'm getting my "new" iPad on Friday.  I'm replacing my "original" iPad (1).  Since I preordered and will be receiving my iPad directly I will not be picking it up from the Apple store, so no set up from them.  Can someone walk me thru what I must to do get my new iPad up and running.  I want to transfer my info, apps, etc. to my new iPad but I also want to pass on my old one to a family member who uses the same computer.  How shall I proceed?  Thanks!

  If you want everything that's on your current iPad onto the new one, then you can first copy all purchases off the iPad to your computer's iTunes via File > Transfer Purchases. You can then backup your current iPad and restore the new iPad from that backup (a list of what is included in a backup is in this article - it excludes music, videos, synced photos). As the backup doesn't contain the actual apps, just their settings and content, for the restore to work completely you'll need all the relevant apps in your computer's iTunes library - otherwise the restore won't be able to install the apps and therefore their content (which is one reason to do File > Transfer Purchases, if that doesn't copy them over then you can re-download them for free : http://support.apple.com/kb/HT2519).
  The restore won't copy passwords onto a different device, so you will need to re-enter your email, router, and any website passwords onto the new iPad.
  Depending on what you want to remain on the iPad, you can then either leave it as it is or log out of your account on it (tap on it in Settings > Store) and then wipe it via Settings > General > Reset > Erase All Content And Settings.

• A new account was created on Behance when I signed in with my Adobe ID. My Adobe ID uses a different email address than my original Behance sign in email address. How do I access my original Behance account?

  A new account was created on Behance when I signed in with my Adobe ID. My Adobe ID uses a different email address than my original Behance sign in email address. How do I access my original Behance account?

  Hi – I’m resending you the instructions I got from Adobe-Sarah below again.
  Nancy
  Sarahktrapp at Adobe sent me instructions on how to access my original account on behance. Please read all of this because it did not work completely the way she told me.
  Phase 1:
  Sarah’s from Adobe Instructions:
  Thanks for getting in touch. Your Behance account (be.net/yourname) is connected to the Adobe ID ( your original behance email address), so this is what you'll need to use to login.
  Please click login, click the Adobe ID button, and enter ( your original behance email address) and your Adobe ID password.
  If you'd like to link your Behance account with a different Adobe ID, after you're into your account, you can visit this page and choose "link to a different Adobe ID:" https://www.behance.net/portfolio/promote
  Phase 2:
  My results and what I reported back to Sarah at Adobe:
  I followed your instructions, but it did not work for me. I clicked login, and then clicked the Adobe ID, I entered ( my original behance email address) and my Adobe ID password. When I clicked Sign In a message says “The Adobe ID and password do not match. Please try again.” I then tried logging in by clicking the Adobe ID, added the (my original behance email address) with my password I used on the original Behance account. The Adobe ID asked my birthdate and it seemed to work. Not sure how it worked, but thanks.
  I hope this helps you.
  Nancy

• Why can I login to iTunes from my phone with no problem, but I can't login to iTunes from my desktop.

  Why can I login to iTunes from my phone with no problem, but I can't login to iTunes from my desktop using the same login credentials. I can use a different appleID and login to itunes with no problem.

  Thanks for your reply.  I mean that only when all of my music in the cloud is shown on my phone can I delete the music stored on my phone.  I should be able to delete music that is stored on my phone when I can view ONLY the music that is taking up the phone's memory.

• I want Firefox to ask me if I want to save this password for login purposes. It did that with the first 3 sites i went to... but now it stopped asking!

  Question...
  I want Firefox to ask me if I want to save this password for login purposes. It did that with the first 3 sites i went to... but now it stopped asking!
  I've gone to several DIFFERENT websites that require a login and in ALL instances since the first 3 it saved... I don't get the popup window asking if I want to save the password.
  How do I get that feature back????
  Thanks...
  Rick

  Hi seraphim99,
  You will get that [http://dmcritchie.mvps.org/icons/fx4_quittabs.png Quit Firefox message] "Do you want to save your tabs for the next time it starts?" [Save and Quit] [Quit] [Cancel] if you follow what is currently step 31 in the link I had provided [http://dmcritchie.mvps.org/firefox/firefox-problems.htm#tabslost Restoring tabs from a lost session] (#tabslost)
  Which indicates as follows: (boldface is user set)
  * <b>browser.showQuitWarning user set boolean true</b>
  * browser.tabs.warnOnClose default boolean true
  * browser.warnOnQuit default boolean true
  * <b>browser.warnOnRestart user set boolean true</b>
  Links were included there for assistance with '''about:config''' for those that don't know how to change configuration variables, along with additional reference for that and so that other similar questions of making Firefox 4 look/act like Firefox 3.6.17 would also be answered particularly the items in the first 10 steps in the same area. Which was addressed by the following part of my original reply
  You can make Firefox 4.0.1 look like Firefox 3.6.17, see numbered items 1-10 in the following topic ["http://dmcritchie.mvps.org/firefox/firefox-problems.htm#fx4interface Fix Firefox 4.0 toolbar user interface, problems (Make Firefox 4.0 look like 3.6)].
  I don't know if you looked at the web page or not, but I've highlighted some additional words there to try to make the webpage more clear to others in the future.
  Hope that Helps

• If i got a new iTunes and it doesn't have anysongs on it and my ipod does, will my ipod lose all the songs, apps and etc. i have on it if i sync it with the new itunes?

  if i got a new iTunes and it doesn't have anysongs on it and my ipod does, will my ipod lose all the songs, apps and etc. i have on it if i sync it with the new itunes?

  If you transfer any iTunes content to the iPhone from an iTunes library on another computer, all iTunes content on the iPhone will be erased first with a warning message provided indicating this beforehand.
  Authorize the different computer with your Apple ID with iTunes. With your iPhone connected and without syncing, right click on the iPhone under Devices in the iTunes source list and at the menu window that appears, select Transfer Purchases. This will transfer all apps on your iPhone to the iTunes library.

• HT203433 I downloaded apps with one appleid on my iphone.  When my account was disabled I set up a new appleid & account.  Now I cannot update apps on my iphone that were downloaded with original appleid when I login with my new apple id.  What do I need

  I downloaded apps with one appleid on my iphone.  When my account was disabled I set up a new appleid & account.  Now I cannot update apps on my iphone that were downloaded with original appleid when I login with my new apple id.  What do I need to do?

  You can write into support and ask for help reenabling the account through this link here:
  http://www.apple.com/support/itunes/contact/
  Since the applications were purchased on the older account, you will need to log into that account to update them. The newer account will not recognize the purchases because they are not a part of the purchase history for the specific account.

• I can't install ADE on my PC, because as I try to open it a message of error appears to me: The application will be closed. I've already try with different browsers and also with the manual installation, but nothing..

  I can't install ADE on my PC, because as I try to open it a message of error appears to me: The application will be closed. I've already try with different browsers and also with the manual installation, but nothing..

  1
  Close all iWork applications
  2
  Uninstall Keynote; this must be done with an application remover tool to delete the installation properly. Appcleaner is known to work correctly for this purpose, it is free and can be downloaded from here: Appcleaner Download
  3
  empty the trash
  4
  shutdown the Mac and restart. After the start up chime, hold down the shift key until the apple logo appears
  let the Mac complete the start up procedure completely, it will take longer than usual as the hard drive is being repaired
  5
  Reinstall Keynote by logging into the Mac App Store using download / install

• A different way to deal with "unknown" user after upgrade from Tiger.

  It's a known issue that doing upgrade and install or archive and install from Tiger to Leopard, produces a lot of folders with "unknown" group in their "get info" panel. This has to do with a different group structure in Tiger and Leopard.
  In Tiger, every user has their own private group with the same name as the username. That group is set to be user's primary group.
  In leopard, every new user with an account is a member of the group staff (gid=20) which is not present in Tiger. Leopard doesn't fully understand Tiger's private group structure, hence the "unknown" group. This causes various problems such as Finder crashes when trying to change the permissions and ownership in the get info window.
  Apple's proposed way of dealing with this is described [here|http://docs.info.apple.com/article.html?artnum=307128].
  However, this method doesn't change the existing group structure and doesn't resolve all the problems.
  I'd like to suggest a different way of dealing with it.
  1. create a new admin user (if you don't have one already), log out of your primary account and log into the new one.
  2. enter the following in terminal:
  *sudo dscl . delete /users/"username"*
  where username is the short name of the user on the main account (not the one you are currently logged into).
  This will delete that user.
  3. Log out/in.
  4. go to system preferences->accounts and create a new user with the name and short name exactly as the one you've deleted in step 2.
  You'll be get a popup saying that a home directory by this name already exists and asking if you want to use it. Say "Yes".
  That's it. Your main user will be recreated using the native group structure of Leopard with gid=20(staff). Permissions on your home directory will be reset with correct group and ownership.
  I tested the process on my powerbook after an upgrade and install from Tiger to leopard and it worked without a hitch.
  I like this method better than Apple's because it completely gets rid of Tiger's group structure which was creating all the confusion. The only downside as far as I can see is that you might have to manually change the group ownership on some files belonging to the main user that sit outside your home directory.
  I would appreciate any comments on this.

  hmm, I confess, I did this before installing 10.5.2 so i can't say for sure. However, I've dealt with a few people (see e.g. this [thread|http://discussions.apple.com/thread.jspa?messageID=7012957]) who are running 10.5.2 and still have this issue. I don't know what if anything 10.5.2 did about this but I'm quite sure that it didn't change the group structure inherited from Tiger.
  Message was edited by: V.K.