37 lines
1.1 KiB
Plaintext
37 lines
1.1 KiB
Plaintext
|
|
About PAM support in the Shadow Password Suite
|
|
|
|
Warning: this code is still considered ALPHA. It is still incomplete,
|
|
and needs more testing. Please let me know if it works, or if something
|
|
doesn't work.
|
|
|
|
Use "./configure --with-libpam" to enable PAM support. Right now it only
|
|
works for the passwd and su applications. PAM support still needs to be
|
|
implemented in login.
|
|
|
|
When compiled with PAM support enabled, the following traditional features
|
|
of the shadow suite are not implemented directly in the applications -
|
|
instead, they should be implemented in the PAM modules.
|
|
|
|
passwd:
|
|
- administrator defined authentication methods
|
|
- TCFS support
|
|
- password expiration
|
|
- password strength checks
|
|
|
|
su:
|
|
- wheel group
|
|
- console groups
|
|
- su access control (/etc/suauth)
|
|
- password expiration
|
|
- time restrictions
|
|
- resource limits
|
|
|
|
Known problems:
|
|
- the pam_limits module doesn't work with su - it should be changed
|
|
to set the limits in pam_setcred() instead of pam_open_session()
|
|
(this version of su doesn't open any new sessions, like Solaris su
|
|
and unlike SimplePAMApps su)
|
|
- PAM support still needs to be implemented in login
|
|
|