You are not logged in.
... results in
2,21c2,7
< auth required pam_securetty.so
< auth requisite pam_nologin.so
< auth required pam_unix.so nullok
< auth required pam_tally.so onerr=succeed file=/var/log/faillog
< # use this to lockout accounts for 10 minutes after 3 failed attempts
< #auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
< account required pam_access.so
< account required pam_time.so
< account required pam_unix.so
< #password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
< #password required pam_unix.so sha512 shadow use_authtok
< session required pam_unix.so
< session required pam_env.so
< session required pam_motd.so
< session required pam_limits.so
< session optional pam_mail.so dir=/var/spool/mail standard
< session optional pam_lastlog.so
< session optional pam_loginuid.so
< -session optional pam_ck_connector.so nox11
< -session optional pam_systemd.so
---
>
> auth required pam_securetty.so
> auth requisite pam_nologin.so
> auth include system-local-login
> account include system-local-login
> session include system-local-login
Is it safe to use new /etc/pam.d/login?
Last edited by student975 (2012-07-05 11:54:37)
"I exist" is the best myth I know..
Offline
...or safe to reboot with the old one?
I'm equally puzzled.
Offline
Yes, that's the idea.
Offline
tomegun, what do you mean? I'm afraid to turn a system off, but want to sleep with computer turned off
"I exist" is the best myth I know..
Offline
Interested.
I don't know how to modify the file. Is it fine in the way that I modified it?
#%PAM-1.0
auth required pam_securetty.so
auth requisite pam_nologin.so
auth include system-local-login
account include system-local-login
session include system-local-login
auth required pam.unix.so nullok
auth required pam_tally.so onerr=succeed file=/var/log/faillog
# use this to lockout accounts for 10 minutes after 3 failed attempts
#auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
account required pam_access.so
account required pam_time.so
account required pam_unix.so
#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
#password required pam_unix.so sha512 shadow use_authtok
session required pam_unix.so
session required pam_env.so
session required pam_motd.so
session required pam_limits.so
session optional pam_mail.so dir=/var/spool/mail standard
session optional pam_lastlog.so
session optional pam_loginuid.so
-session optional pam_ck_connector.so nox11
-session optional pam_systemd.so
Laptop: Acer Aspire S3 | Linux Mint Cinnamon 64-bit
Offline
I assume that tomegun meant using the new one rather than booting with the old one. (The latter might also be fine - I've no idea.)
I'm a bit confused about the role which /etc/pam.d/passwd is playing now. Should options I've added here be duplicated for the password lines in e.g. system-auth? Currently, I have this in passwd:
password required pam_unix.so sha512 shadow nullok rounds=65536
but since system-auth etc. seems to have its own password lines, I'm wondering if having this in passwd is now either pointless or at least insufficient.
The default set up, if I understand it correctly, is not actually that different from the old one. The diff above is missing the additions:
> auth include system-local-login
> account include system-local-login
> session include system-local-login
I think this is invoking the stuff in /etc/pam.d/system-local-login which in turn calls system-login and system-auth, for example. If you compare the cumulative effect, I believe there are only minor differences which don't impact security e.g. to do with announcing the last login time or displaying message of the day.
EDIT: So adding that stuff all back into login just duplicates stuff with maybe some very minor differences such as requiring message of the day etc.
Last edited by cfr (2012-07-04 23:25:35)
CLI Paste | How To Ask Questions
Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L
Offline
I am totally confused with this pacnew file as well. Is it safe to simply replace the old one with the new one?
Offline
I am totally confused with this pacnew file as well. Is it safe to simply replace the old one with the new one?
I read through all the files and decided to replace it. There are no big differenes, only some additional stuff is loaded I think. I did not reboot yet.
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Online
I did not reboot yet.
But this is the main question. Four my arch installations are waiting for update or reboot It would be great to get clear answer on simple plane English form arch developers:
is it safe to replace the file?
"I exist" is the best myth I know..
Offline
I rebooted many times and i am waiting for a confirmation to replace the file either.
Edit: Replaced the file, works fine. . .
Last edited by omeringen (2012-07-05 11:31:49)
Offline
Just for the record: I just replaced the file even though I'm not sure what to make of it and tried rebooting (hey, why not!) and it seems to work. Would like some more information on it though.
Offline
I have replaced the file and rebooted without issue. The script is just becoming more modular, all the stuff removed is in the included scripts.
Cheers.
Offline
Reboot without any problems at the login screen. My mainline-kernel doesn't find its modules anymore, but that is an other issue. So I'm currently back with the default kernel.
Last edited by progandy (2012-07-05 08:59:11)
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Online
right now rebooted with login.pacnew ... no problem found
#Awesome window manager
Offline
I simply replace the /etc/pam.d/login file with the new /etc/pam.d/login.pacnew but I've encountered a login problem.
I use CDM (AUR) as login manager. After having typed my username and password, and having pressed enter for select to start XFCE as DM, I return to the login screen. Even if I repeat the login a second or third time happen the same.
The only way to access the DM seem to be select 'Console' in CDM and manually type the command:
$ startxfce4
It isn't a big problem, but a bit annoying. Would I restore some lines in the login file or it is a bug of CDM?
CDM seems to be not maintained since a while, the website is down and is available only the GitHub page.
Last edited by I am Gianluca (2012-07-05 10:22:26)
Laptop: Acer Aspire S3 | Linux Mint Cinnamon 64-bit
Offline
I use CDM (AUR) as login manager. After having typed my username and password, and having pressed enter for select to start XFCE as DM, I return to the login screen. Even if I repeat the login a second or third time happen the same.
What is your command to start xfce in cdm? Did you try to remove nox11 in /etc/pam.d/system-login fpr pam_ck_connector?
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Online
Is it safe to use new /etc/pam.d/login?
I renamed my previous "login" file to login.OLD then renamed the "login.pacnew" file to "login" and all seems to work fine.
oz
Offline
Thanks to all for information! - renamed and rebooted without problems. Marking the thread as [solved].
Last edited by student975 (2012-07-05 12:43:01)
"I exist" is the best myth I know..
Offline
I am Gianluca wrote:I use CDM (AUR) as login manager. After having typed my username and password, and having pressed enter for select to start XFCE as DM, I return to the login screen. Even if I repeat the login a second or third time happen the same.
What is your command to start xfce in cdm? Did you try to remove nox11 in /etc/pam.d/system-login fpr pam_ck_connector?
The command that I use in CDM to start XFCE is:
# List all WM binary names
wmbinlist=(startxfce4)
So, I suppose it's not the cause. I didn't try to remove nox11 in /etc/pam.d/system-login because I don't know what might imply.
Last edited by I am Gianluca (2012-07-05 12:45:58)
Laptop: Acer Aspire S3 | Linux Mint Cinnamon 64-bit
Offline
I have replaced the file and rebooted without issue. The script is just becoming more modular, all the stuff removed is in the included scripts.
Thanks! I was confused too.
Offline
So, if I did the usual "merge the .pacnew with the existing file, delete the .pacnew" thing, will that cause trouble down the line?
If so, where can I find a copy of the new /etc/pam.d/login file? (It doesn't seem to be in my /var/abs/core/pambase/ dir, nor on the package page).
Offline
cp /etc/pam.d/login /etc/pam.d/login.orig
mv /etc/pam.d/login.pacnew /etc/pam.d/login
I'm still alive.
[...] where can I find a copy of the new /etc/pam.d/login file? (It doesn't seem to be in my /var/abs/core/pambase/ dir, nor on the package page).
┌─[arch-ck ~]
└─╼ pacman -Qo /etc/pam.d/login
/etc/pam.d/login is owned by util-linux 2.21.2-3
https://projects.archlinux.org/svntogit … util-linux
pam-login ==> /etc/pam.d/login(.pacnew)
Offline
I simply replace the /etc/pam.d/login file with the new /etc/pam.d/login.pacnew but I've encountered a login problem.
I use CDM (AUR) as login manager. After having typed my username and password, and having pressed enter for select to start XFCE as DM, I return to the login screen. Even if I repeat the login a second or third time happen the same.
The only way to access the DM seem to be select 'Console' in CDM and manually type the command:$ startxfce4
It isn't a big problem, but a bit annoying. Would I restore some lines in the login file or it is a bug of CDM?
CDM seems to be not maintained since a while, the website is down and is available only the GitHub page.
Different wm, but I also have this problem with CDM.
Offline
I initially rebooted without replacing the file and didn't get any errors, but i got two last-login dates.
Then, I replaced the file with the pacnew and everything went OK.
Oh, BTW, hello everyone and thank you all for this awesome community.
Offline
I am Gianluca wrote:I simply replace the /etc/pam.d/login file with the new /etc/pam.d/login.pacnew but I've encountered a login problem.
I use CDM (AUR) as login manager. After having typed my username and password, and having pressed enter for select to start XFCE as DM, I return to the login screen. Even if I repeat the login a second or third time happen the same.
The only way to access the DM seem to be select 'Console' in CDM and manually type the command:$ startxfce4
It isn't a big problem, but a bit annoying. Would I restore some lines in the login file or it is a bug of CDM?
CDM seems to be not maintained since a while, the website is down and is available only the GitHub page.Different wm, but I also have this problem with CDM.
We can continue in this thread.
Laptop: Acer Aspire S3 | Linux Mint Cinnamon 64-bit
Offline