PAM module pam_stack is deprecated and so it must not be used in individual service configurations. All packages in Fedora Core using PAM were modified so they do not use it. However when a system is upgraded from previous Fedora Core releases and admininstrator previously modified some service configurations they will not be replaced. Instead the they will be created as .rpmnew files. Such service configurations must be fixed so the pam_stack module is not used. Refer to the .rpmnew files for the actual changes needed. Example /etc/pam.d/login: #%PAM-1.0 auth required pam_securetty.so auth required pam_stack.so service=system-auth auth required pam_nologin.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_stack.so service=system-auth session required pam_loginuid.so session optional pam_console.so # pam_selinux.so open should be the last session rule session required pam_selinux.so open #%PAM-1.0 auth required pam_securetty.so auth include system-auth # no module should remain after 'include' if 'sufficient' might # be used in the included configuration file # pam_nologin moved to account phase - it's more appropriate there # other modules might be moved before the system-auth 'include' account required pam_nologin.so account include system-auth password include system-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session include system-auth # the system-auth config doesn't contain sufficient modules # in the session phase session required pam_loginuid.so session optional pam_console.so # pam_selinux.so open should be the last session rule session required pam_selinux.so open
Information has been added to http://fedoraproject.org/wiki/Docs/Beats/Security. For further edits feel free to use the wiki directly. Thanks.