This is because RHEL6 now supports other mechanisms for authenticating
besides passwords. If you do an 'ls /etc/pam.d/', you'll see there are
now files for fingerprint-auth, and smartcard-auth, so you can use those
mechanisms, too.
Presumably, this makes it more modular and easier to have certain
services use different mechanisms
The original poster should leave the password-auth entry as-is, and then
make whatever changes are necessary to the password-auth file. At least
I think that's the recommended way of doing things now.
I just checked on my system, and password-auth and system-auth have the
same contents, but are two separate files:
$ md5sum password-auth system-auth
0534aba4c658c75dc75f23f7524943ef password-auth
0534aba4c658c75dc75f23f7524943ef system-auth
$ ls -l password-auth system-auth
-rw-r--r--. 1 root root 1330 Mar 7 17:41 password-auth
-rw-r--r--. 1 root root 1330 Mar 7 17:43 system-auth
--
Prentice
On 03/08/2011 11:59 AM, Collins, Kevin [BEELINE] wrote:
I don't know the exact reasoning, but RHEL6 seems to have introduced another
"include" file. If you compare the entries between RHEL5 and RHEL6 you see:
RHEL6.0:
auth include password-auth
account include password-auth
password include password-auth
session include password-auth
RHEL5.5:
auth include system-auth
account include system-auth
password include system-auth
session include system-auth
The content of password-auth is very similar to system-auth...
Hope that helps!
Kevin
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Richard Smits
Sent: Thursday, March 03, 2011 4:39 AM
To: [email protected]
Subject: [rhelv6-list] Pam config and ssh access
Hello,
We had an issue today what gave us some questions. I hope someone can
explain this.
We use Samba/Winbind for ssh access to a server. The required account is
in our Active directory.
Normal in Redhat v5 the file : /etc/pam.d/sshd contains the following line :
---
auth include system-auth
---
Now in version 6 we saw that this line was removed. We placed it back again.
But can you please tell me why this line was not present anymore ? Is
this a security risk ?
Greetings .. Richard Smits
_______________________________________________
rhelv6-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv6-list
_______________________________________________
rhelv6-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv6-list
_______________________________________________
rhelv6-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv6-list
