Re: [gentoo-amd64] Problems with pam-0.99 upgrade
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Knecht wrote: > > Richard, >Thanks for the response. I would have NEVER guessed that this qfile > command was telling me the files that are no longer needed. I should > have read the man page on that. Well, strictly speaking it points out files that are not owned by any installed package. Normally when a file is no longer needed it gets deleted, but the config protect feature prevents this in /etc. > >Now, was the intent of this Wiki to tell me what didn't need > editing or what did? Seems very strange to me to point out files I > don't need anymore but leave the impression I do. > Hmm - not sure what wiki you're referring to, but the upgrade guide is at: http://www.gentoo.org/proj/en/base/pam/upgrade-0.99.xml The text around "qfile -o /etc/pam.d/*" is: Because of the nature of configuration files, you might still have old configuration files for packages you already removed, so you should check first that there are no orphan files (files not belonging to any package), for instance through the qfile command present in app-portage/portage-utils. and The most common presence of orphan files in /etc/pam.d are the backup files created by most editors, ending with a tilde character (~). The remaining files, unless you created them yourself for your particular setup, should be safe to remove (or at least move away), as they are probably leftovers from previously installed packages. A special exception for this is /etc/pam.d/vmware-authd for vmware-server, that is created by the vmware-config.pl script (but it should be safe to remove unless you edited it manually, you'll just have to re-execute the script). Even so, I'll be the first to stand up and proclaim that PAM is confusing. >Anyway, the machine is working and I apprecaite your help. > You're very welcome! Rich -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHLiDdG4/rWKZmVWkRAp6+AKCsOrDvkn4+jCt8sDTLHwjed+6IDgCeKCiZ WJZAsS6a4hyQh3PgtQyxeXg= =43rY -END PGP SIGNATURE- smime.p7s Description: S/MIME Cryptographic Signature
Re: [gentoo-amd64] Problems with pam-0.99 upgrade
On 11/4/07, Richard Freeman <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Mark Knecht wrote: > > OK, knowing as you all do that I'm a non-admin sort of person these > > sort of instructions - the > > 2 paragraphs at the end - scare me. I hate having to guess what anyone > > means. > > > > lightning pam.d # qfile -o /etc/pam.d/* > > /etc/pam.d/gdmconfig > > /etc/pam.d/xdm > > lightning pam.d # > > > > I was having the same problems earlier in the week. The solution is > actually pretty simple. The output above indicates that xdm and > gdmconfig aren't being used any longer - they're orphans. I just moved > the files elsewhere (for temporary safe-keeping), and upgraded PAM, and > there were no issues. All the files that used the obsolete functions > were upgraded some time ago apparently - but if you have a system that > has been upgraded year-after-year apparently there are orphan files that > date WAY back... > > However, I agree that PAM is one of those things that everybody depends > on but otherwise seems to behave like black magic for most people. I've > yet to see a guide on PAM that actually makes it easy to understand. > (There are TONS of guides that ATTEMPT to make it easy to understand, > but every one I've seen falls far short). I considered it a major > accomplishment when I was able to hack my sshd PAM config to restrict > logins to a list of particular accounts... Richard, Thanks for the response. I would have NEVER guessed that this qfile command was telling me the files that are no longer needed. I should have read the man page on that. Now, was the intent of this Wiki to tell me what didn't need editing or what did? Seems very strange to me to point out files I don't need anymore but leave the impression I do. Anyway, the machine is working and I apprecaite your help. Thanks, Mark -- [EMAIL PROTECTED] mailing list
Re: [gentoo-amd64] Problems with pam-0.99 upgrade
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Knecht wrote: > OK, knowing as you all do that I'm a non-admin sort of person these > sort of instructions - the > 2 paragraphs at the end - scare me. I hate having to guess what anyone means. > > lightning pam.d # qfile -o /etc/pam.d/* > /etc/pam.d/gdmconfig > /etc/pam.d/xdm > lightning pam.d # > I was having the same problems earlier in the week. The solution is actually pretty simple. The output above indicates that xdm and gdmconfig aren't being used any longer - they're orphans. I just moved the files elsewhere (for temporary safe-keeping), and upgraded PAM, and there were no issues. All the files that used the obsolete functions were upgraded some time ago apparently - but if you have a system that has been upgraded year-after-year apparently there are orphan files that date WAY back... However, I agree that PAM is one of those things that everybody depends on but otherwise seems to behave like black magic for most people. I've yet to see a guide on PAM that actually makes it easy to understand. (There are TONS of guides that ATTEMPT to make it easy to understand, but every one I've seen falls far short). I considered it a major accomplishment when I was able to hack my sshd PAM config to restrict logins to a list of particular accounts... -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHLbS3G4/rWKZmVWkRArPOAJwPJuIUe8tJkacz5jmyzaImNFaTjgCdF8k/ ++g0HXiS7/ZPaUOMk6YY+OA= =q/hy -END PGP SIGNATURE- smime.p7s Description: S/MIME Cryptographic Signature