Bug 175787 - RELNOTES - pam_stack is deprecated
RELNOTES - pam_stack is deprecated
Status: CLOSED RAWHIDE
Product: Fedora Documentation
Classification: Fedora
Component: release-notes (Show other bugs)
devel
All Linux
medium Severity medium
: ---
: ---
Assigned To: Release Notes Tracker
Karsten Wade
:
Depends On:
Blocks: fc5-relnotes-traqr
  Show dependency treegraph
 
Reported: 2005-12-14 18:23 EST by Tomas Mraz
Modified: 2007-04-18 13:35 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-12-14 18:30:49 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Mraz 2005-12-14 18:23:30 EST
PAM module pam_stack is deprecated and so it must not be used in individual
service configurations.

All packages in Fedora Core using PAM were modified so they do not use it.
However when a system is upgraded from previous Fedora Core releases and
admininstrator previously modified some service configurations they will not be
replaced. Instead the they will be created as .rpmnew files. Such service
configurations must be fixed so the pam_stack module is not used. Refer to the
.rpmnew files for the actual changes needed.

Example /etc/pam.d/login:

#%PAM-1.0
auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so open

#%PAM-1.0
auth       required     pam_securetty.so
auth       include      system-auth
# no module should remain after 'include' if 'sufficient' might
# be used in the included configuration file
# pam_nologin moved to account phase - it's more appropriate there
# other modules might be moved before the system-auth 'include'
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
# the system-auth config doesn't contain sufficient modules
# in the session phase
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so open
Comment 1 Rahul Sundaram 2005-12-14 18:30:49 EST
Information has been added to http://fedoraproject.org/wiki/Docs/Beats/Security.
For further edits feel free to use the wiki directly.  Thanks.

Note You need to log in before you can comment on or make changes to this bug.