Bug 175787 - RELNOTES - pam_stack is deprecated
Summary: RELNOTES - pam_stack is deprecated
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora Documentation
Classification: Fedora
Component: release-notes (Show other bugs)
(Show other bugs)
Version: devel
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Release Notes Tracker
QA Contact: Karsten Wade
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: fc5-relnotes-traqr
TreeView+ depends on / blocked
 
Reported: 2005-12-14 23:23 UTC by Tomas Mraz
Modified: 2007-04-18 17:35 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-12-14 23:30:49 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Tomas Mraz 2005-12-14 23:23:30 UTC
PAM module pam_stack is deprecated and so it must not be used in individual
service configurations.

All packages in Fedora Core using PAM were modified so they do not use it.
However when a system is upgraded from previous Fedora Core releases and
admininstrator previously modified some service configurations they will not be
replaced. Instead the they will be created as .rpmnew files. Such service
configurations must be fixed so the pam_stack module is not used. Refer to the
.rpmnew files for the actual changes needed.

Example /etc/pam.d/login:

#%PAM-1.0
auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so open

#%PAM-1.0
auth       required     pam_securetty.so
auth       include      system-auth
# no module should remain after 'include' if 'sufficient' might
# be used in the included configuration file
# pam_nologin moved to account phase - it's more appropriate there
# other modules might be moved before the system-auth 'include'
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    include      system-auth
# the system-auth config doesn't contain sufficient modules
# in the session phase
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so open

Comment 1 Rahul Sundaram 2005-12-14 23:30:49 UTC
Information has been added to http://fedoraproject.org/wiki/Docs/Beats/Security.
For further edits feel free to use the wiki directly.  Thanks.


Note You need to log in before you can comment on or make changes to this bug.