You are not logged in.

#1 2012-07-04 22:26:11

student975
Member
From: Russian Federation
Registered: 2011-03-05
Posts: 598

[solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

... results in

2,21c2,7
< auth          required        pam_securetty.so
< auth          requisite       pam_nologin.so
< auth          required        pam_unix.so nullok
< auth          required        pam_tally.so onerr=succeed file=/var/log/faillog
< # use this to lockout accounts for 10 minutes after 3 failed attempts
< #auth         required        pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
< account               required        pam_access.so
< account               required        pam_time.so
< account               required        pam_unix.so
< #password     required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
< #password     required        pam_unix.so sha512 shadow use_authtok
< session               required        pam_unix.so
< session               required        pam_env.so
< session               required        pam_motd.so
< session               required        pam_limits.so
< session               optional        pam_mail.so dir=/var/spool/mail standard
< session               optional        pam_lastlog.so
< session               optional        pam_loginuid.so
< -session      optional        pam_ck_connector.so nox11
< -session      optional        pam_systemd.so
---
> 
> auth       required     pam_securetty.so
> auth       requisite    pam_nologin.so
> auth       include      system-local-login
> account    include      system-local-login
> session    include      system-local-login

Is it safe to use new  /etc/pam.d/login?

Last edited by student975 (2012-07-05 11:54:37)


"I exist" is the best myth I know..

Offline

#2 2012-07-04 23:08:47

owain
Member
Registered: 2009-08-24
Posts: 233

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

...or safe to reboot with the old one?

I'm equally puzzled.

Offline

#3 2012-07-04 23:08:56

tomegun
Developer
From: France
Registered: 2010-05-28
Posts: 661

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

Yes, that's the idea.

Offline

#4 2012-07-04 23:15:16

student975
Member
From: Russian Federation
Registered: 2011-03-05
Posts: 598

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

tomegun, what do you mean? I'm afraid to turn a system off, but want to sleep with computer turned off smile


"I exist" is the best myth I know..

Offline

#5 2012-07-04 23:17:19

I am Gianluca
Member
From: London, UK
Registered: 2011-05-22
Posts: 195

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

Interested.
I don't know how to modify the file. Is it fine in the way that I modified it?

#%PAM-1.0

auth       required     pam_securetty.so
auth       requisite    pam_nologin.so
auth       include      system-local-login
account    include      system-local-login
session    include      system-local-login
auth       required     pam.unix.so nullok
auth       required     pam_tally.so onerr=succeed file=/var/log/faillog
# use this to lockout accounts for 10 minutes after 3 failed attempts
#auth           required        pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
account         required        pam_access.so
account         required        pam_time.so
account         required        pam_unix.so
#password       required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
#password       required        pam_unix.so sha512 shadow use_authtok
session         required        pam_unix.so
session         required        pam_env.so
session         required        pam_motd.so
session         required        pam_limits.so
session         optional        pam_mail.so dir=/var/spool/mail standard
session         optional        pam_lastlog.so
session         optional        pam_loginuid.so
-session        optional        pam_ck_connector.so nox11
-session        optional        pam_systemd.so

Laptop: Acer Aspire S3 | Linux Mint Cinnamon 64-bit

Offline

#6 2012-07-04 23:22:55

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 5,661

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

I assume that tomegun meant using the new one rather than booting with the old one. (The latter might also be fine - I've no idea.)

I'm a bit confused about the role which /etc/pam.d/passwd is playing now. Should options I've added here be duplicated for the password lines in e.g. system-auth? Currently, I have this in passwd:

password      required        pam_unix.so sha512 shadow nullok rounds=65536

but since system-auth etc. seems to have its own password lines, I'm wondering if having this in passwd is now either pointless or at least insufficient.

The default set up, if I understand it correctly, is not actually that different from the old one. The diff above is missing the additions:

> auth       include      system-local-login
> account    include      system-local-login
> session    include      system-local-login

I think this is invoking the stuff in /etc/pam.d/system-local-login which in turn calls system-login and system-auth, for example. If you compare the cumulative effect, I believe there are only minor differences which don't impact security e.g. to do with announcing the last login time or displaying message of the day.

EDIT: So adding that stuff all back into login just duplicates stuff with maybe some very minor differences such as requiring message of the day etc.

Last edited by cfr (2012-07-04 23:25:35)


How To Ask Questions The Smart Way | Help Vampires

Arch Linux | x86_64 | GPT | EFI boot | grub2 | systemd | LVM2 on LUKS
Lenovo x121e | Intel(R) Core(TM) i3-2367M CPU @ 1.40GHz GenuineIntel | Intel Centrino Wireless-N 1000 | US keyboard with Euro | 320G 7200 RPM Seagate HDD

Offline

#7 2012-07-05 08:24:59

mikkie
Member
Registered: 2009-11-10
Posts: 52

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

I am totally confused with this pacnew file as well. Is it safe to simply replace the old one with the new one?

Offline

#8 2012-07-05 08:28:50

progandy
Member
Registered: 2012-05-17
Posts: 2,143

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

mikkie wrote:

I am totally confused with this pacnew file as well. Is it safe to simply replace the old one with the new one?

I read through all the files and decided to replace it. There are no big differenes, only some additional stuff is loaded I think. I did not reboot yet.

Offline

#9 2012-07-05 08:35:19

student975
Member
From: Russian Federation
Registered: 2011-03-05
Posts: 598

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

progandy wrote:

I did not reboot yet.

But this is the main question. Four my arch installations are waiting for update or reboot smile It would be great to get clear answer on simple plane English form arch developers:

is it safe to replace the file?


"I exist" is the best myth I know..

Offline

#10 2012-07-05 08:53:00

omeringen
Member
Registered: 2012-05-28
Posts: 109

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

I rebooted many times and i am waiting for a confirmation to replace the file either.

Edit: Replaced the file, works fine. . .

Last edited by omeringen (2012-07-05 11:31:49)

Offline

#11 2012-07-05 08:55:16

D.
Member
Registered: 2012-05-15
Posts: 64

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

Just for the record: I just replaced the file even though I'm not sure what to make of it and tried rebooting (hey, why not!) and it seems to work. Would like some more information on it though.

Offline

#12 2012-07-05 08:56:39

Padfoot
Member
Registered: 2010-09-03
Posts: 381

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

I have replaced the file and rebooted without issue. The script is just becoming more modular, all the stuff removed is in the included scripts.

Cheers.

Offline

#13 2012-07-05 08:58:32

progandy
Member
Registered: 2012-05-17
Posts: 2,143

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

Reboot without any problems at the login screen. My mainline-kernel doesn't find its modules anymore, but that is an other issue. So I'm currently back with the default kernel.

Last edited by progandy (2012-07-05 08:59:11)

Offline

#14 2012-07-05 09:16:45

xhc
Member
From: Slovakia, [svk]
Registered: 2012-02-01
Posts: 112
Website

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

right now rebooted with login.pacnew ... no problem found


#Awesome window manager  |  http://my-archlinux.blogspot.com

Offline

#15 2012-07-05 10:21:44

I am Gianluca
Member
From: London, UK
Registered: 2011-05-22
Posts: 195

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

I simply replace the /etc/pam.d/login file with the new /etc/pam.d/login.pacnew but I've encountered a login problem.
I use CDM (AUR) as login manager. After having typed my username and password, and having pressed enter for select to start XFCE as DM, I return to the login screen. Even if I repeat the login a second or third time happen the same.
The only way to access the DM seem to be select 'Console' in CDM and manually type the command:

$ startxfce4

It isn't a big problem, but a bit annoying. Would I restore some lines in the login file or it is a bug of CDM?
CDM seems to be not maintained since a while, the website is down and is available only the GitHub page.

Last edited by I am Gianluca (2012-07-05 10:22:26)


Laptop: Acer Aspire S3 | Linux Mint Cinnamon 64-bit

Offline

#16 2012-07-05 10:36:21

progandy
Member
Registered: 2012-05-17
Posts: 2,143

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

I am Gianluca wrote:

I use CDM (AUR) as login manager. After having typed my username and password, and having pressed enter for select to start XFCE as DM, I return to the login screen. Even if I repeat the login a second or third time happen the same.

What is your command to start xfce in cdm? Did you try to remove nox11 in /etc/pam.d/system-login fpr pam_ck_connector?

Offline

#17 2012-07-05 11:48:02

ozar
Member
From: USA
Registered: 2005-02-18
Posts: 1,681

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

student975 wrote:

Is it safe to use new  /etc/pam.d/login?

I renamed my previous "login" file to login.OLD then renamed the "login.pacnew" file to "login" and all seems to work fine.


oz

Offline

#18 2012-07-05 11:53:33

student975
Member
From: Russian Federation
Registered: 2011-03-05
Posts: 598

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

Thanks to all for information! - renamed and rebooted without problems. Marking the thread as [solved].

Last edited by student975 (2012-07-05 12:43:01)


"I exist" is the best myth I know..

Offline

#19 2012-07-05 12:44:58

I am Gianluca
Member
From: London, UK
Registered: 2011-05-22
Posts: 195

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

progandy wrote:
I am Gianluca wrote:

I use CDM (AUR) as login manager. After having typed my username and password, and having pressed enter for select to start XFCE as DM, I return to the login screen. Even if I repeat the login a second or third time happen the same.

What is your command to start xfce in cdm? Did you try to remove nox11 in /etc/pam.d/system-login fpr pam_ck_connector?

The command that I use in CDM to start XFCE is:

# List all WM binary names
wmbinlist=(startxfce4)

So, I suppose it's not the cause. I didn't try to remove nox11 in /etc/pam.d/system-login because I don't know what might imply.

Last edited by I am Gianluca (2012-07-05 12:45:58)


Laptop: Acer Aspire S3 | Linux Mint Cinnamon 64-bit

Offline

#20 2012-07-05 14:57:38

stqn
Member
Registered: 2010-03-19
Posts: 1,189
Website

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

Padfoot wrote:

I have replaced the file and rebooted without issue. The script is just becoming more modular, all the stuff removed is in the included scripts.

Thanks! I was confused too.

Offline

#21 2012-07-05 15:58:44

kinhodder
Member
From: UK
Registered: 2010-04-18
Posts: 65
Website

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

So, if I did the usual "merge the .pacnew with the existing file, delete the .pacnew" thing, will that cause trouble down the line?

If so, where can I find a copy of the new /etc/pam.d/login file? (It doesn't seem to be in my /var/abs/core/pambase/ dir, nor on the package page).

Offline

#22 2012-07-05 16:06:07

Psykorgasm
Member
From: England, UK
Registered: 2011-11-24
Posts: 158

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

cp /etc/pam.d/login /etc/pam.d/login.orig
mv  /etc/pam.d/login.pacnew  /etc/pam.d/login

I'm still alive.


kinhodder wrote:

[...] where can I find a copy of the new /etc/pam.d/login file? (It doesn't seem to be in my /var/abs/core/pambase/ dir, nor on the package page).

┌─[arch-ck ~]
└─╼ pacman -Qo /etc/pam.d/login
/etc/pam.d/login is owned by util-linux 2.21.2-3

https://projects.archlinux.org/svntogit … util-linux
pam-login ==> /etc/pam.d/login(.pacnew)

Offline

#23 2012-07-05 22:25:29

Nepherte
Member
From: Belgium
Registered: 2008-09-09
Posts: 427
Website

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

I am Gianluca wrote:

I simply replace the /etc/pam.d/login file with the new /etc/pam.d/login.pacnew but I've encountered a login problem.
I use CDM (AUR) as login manager. After having typed my username and password, and having pressed enter for select to start XFCE as DM, I return to the login screen. Even if I repeat the login a second or third time happen the same.
The only way to access the DM seem to be select 'Console' in CDM and manually type the command:

$ startxfce4

It isn't a big problem, but a bit annoying. Would I restore some lines in the login file or it is a bug of CDM?
CDM seems to be not maintained since a while, the website is down and is available only the GitHub page.

Different wm, but I also have this problem with CDM.

Offline

#24 2012-07-05 22:53:08

GR3
Member
Registered: 2012-07-05
Posts: 2

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

I initially rebooted without replacing the file and didn't get any errors, but i got two last-login dates.
Then, I replaced the file with the pacnew and everything went OK.

Oh, BTW, hello everyone and thank you all for this awesome community.

Offline

#25 2012-07-05 23:30:54

I am Gianluca
Member
From: London, UK
Registered: 2011-05-22
Posts: 195

Re: [solved] diff /etc/pam.d/login /etc/pam.d/login.pacnew

Nepherte wrote:
I am Gianluca wrote:

I simply replace the /etc/pam.d/login file with the new /etc/pam.d/login.pacnew but I've encountered a login problem.
I use CDM (AUR) as login manager. After having typed my username and password, and having pressed enter for select to start XFCE as DM, I return to the login screen. Even if I repeat the login a second or third time happen the same.
The only way to access the DM seem to be select 'Console' in CDM and manually type the command:

$ startxfce4

It isn't a big problem, but a bit annoying. Would I restore some lines in the login file or it is a bug of CDM?
CDM seems to be not maintained since a while, the website is down and is available only the GitHub page.

Different wm, but I also have this problem with CDM.

We can continue in this thread.


Laptop: Acer Aspire S3 | Linux Mint Cinnamon 64-bit

Offline

Board footer

Powered by FluxBB