Working with authconfig

Author: Simper, Brian D
Date:  
Subject: Working with authconfig
The "authconfig" command rewrites the file:

    /etc/pam.d/system-auth


but doesn't allow for complete customization. I want to hand tune the
system-auth file to introduce desired settings, but those changes are
discarded when authconfig is later run. Any alternatives?

There are two types of changes I need to add to /etc/pam.d/system-auth:

a) change default arguments or supply more arguments to existing PAM
modules:
  a.1) adding argument for password history retention:
      adding "remember=4" to the "password .. pam_unix.so"
  a.2) changing defaults of existing arguments:
      changing "retry=2" or "type=FOO" to the "password .. pam_cracklib.so".


b) add new PAM modules to the stack:
for instance, in between existing pam_cracklib and pam_unix modules
      password .. pam_cracklib.so ...
      password .. pam_newmodule use_authtok
      password .. pam_unix.so ...


I must provide these additional settings in system-auth to implement our
security policy, but cannot have authconfig discard them. The only manner I
can see to safeguard against authconfig is to remove it from the system.
Is there any other method?

Brian Simper
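
Added example, not part of the original message: a drift check that reports when the password stack in /etc/pam.d/system-auth no longer carries the settings listed above, for instance after the file has been rewritten. The policy values are taken from the post as assumptions (both retry=2 and type=FOO are required here), pam_newmodule is the post's placeholder name, and both file samples are constructed.

```python
# Constructed sample: /etc/pam.d/system-auth after hand tuning (values from the post).
TUNED = """\
#%PAM-1.0
auth        required      pam_env.so
password    requisite     pam_cracklib.so try_first_pass retry=2 type=FOO
password    required      pam_newmodule use_authtok
password    sufficient    pam_unix.so shadow use_authtok remember=4
"""
# Constructed sample: the same file after a rewrite discarded the tuning.
REWRITTEN = """\
password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so shadow use_authtok
"""
# Assumed policy: module -> arguments that must be present, plus required order.
REQUIRED_ARGS = {
    "pam_cracklib.so": {"retry=2", "type=FOO"},
    "pam_newmodule": {"use_authtok"},
    "pam_unix.so": {"remember=4"},
}
REQUIRED_ORDER = ["pam_cracklib.so", "pam_newmodule", "pam_unix.so"]

def password_stack(text):
    """Return [(module, args)] for the 'password' lines, in file order."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0] != "password":
            continue
        rest = fields[1:]
        if rest[0].startswith("["):  # bracketed control, e.g. [success=1 default=ignore]
            while rest and not rest[0].endswith("]"):
                rest.pop(0)
        if len(rest) > 1:  # rest[0] is the control field, rest[1] the module
            stack.append((rest[1].rsplit("/", 1)[-1], set(rest[2:])))
    return stack

def drift(text):
    """List the ways the password stack departs from the assumed policy."""
    stack = password_stack(text)
    problems = []
    for module, needed in REQUIRED_ARGS.items():
        found = [args for m, args in stack if m == module]
        if not found:
            problems.append(f"{module}: missing from password stack")
        elif needed - found[0]:
            problems.append(f"{module}: missing {' '.join(sorted(needed - found[0]))}")
    order = [m for m, _ in stack if m in REQUIRED_ORDER]
    if set(order) == set(REQUIRED_ORDER) and order != REQUIRED_ORDER:
        problems.append("order: expected " + " -> ".join(REQUIRED_ORDER))
    return problems
```

Calling drift(open("/etc/pam.d/system-auth").read()) from a scheduled job and alerting on a non-empty result shows when the hand-tuned settings have been lost.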