• Home
• Topics
• Linux security
• Linux system security best practices
• Shadow modules with PAM

Shadow modules with PAM

Requires Free Membership to View

Login



When you register, my team of editors will also send you resources covering Linux administration and management; integration and interoperability between Linux, Windows and Unix; securing Linux and mixed-platform environments; and migrating to Linux.

Cathleen A. Gagne, Senior Editorial Director

• E-mail Address: 

By submitting your registration information to SearchEnterpriseLinux.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchEnterpriseLinux.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

To use shadow passwords with PAM, you must first enable shadow passwords. Most distributions have an option to enable this at installations. If you need to enable it later, then you will need to install the shadow package(s), called "shadow-utils" on Red Hat variations and "shadow" on Debian.

Once you've followed the shadow installation process, you need to enable support for shadow passwords in PAM. In a Red Hat distribution, this means adjusting the system-auth file in the /etc/pam.d. The system-auth file contains the default PAM authentication process. This includes the pam_unix.so PAM authentication module. This module is stacked in all contexts: auth, password, account and session. The auth context stack uses the pam_unix.so module and handles authentication like so:

auth sufficient pam_unix.so try_first_pass nullok

It should automatically detect the presence of shadow passwords.

In the password context, the pam_unix.so module is also stacked to handle the changing of user passwords, like so:

password sufficient pam_unix.so nullok try_first_pass use_authtok md5 shadow

The last option on the line, shadow, is used to ensure shadow passwords are created when a password is changed. A good explanation for that can be found here.

Configuration for other distributions, like Debian, is similar and you can find more details on configuring PAM.

Dig Deeper

This was first published in October 2006

More from Related TechTarget Sites

• Data Center
• Server Virtualization
• Cloud computing
• Enterprise Desktop

• Data Center

  • DevOps, Opscode Chef automate online auction site’s private cloud

    A darling of the DevOps crowd, the Opscode Chef cloud configuration and automation tool is now the central point of IT control for MercadoLibre’s sprawling online auction site.

  • Data center experts push back on ASHRAE economizer requirements

    An addendum to the ASHRAE 90.1-2010 energy standard could ease energy efficiency requirements on anyone building or significantly expanding data centers in the U.S.

  • Punch up database performance by reorganizing data

    A well-timed mainframe database reorg can result in much improved response.

• Server Virtualization

  • Shedding light on Hyper-V 3.0 resource monitoring

    Hyper-V 3.0 will feature new resource-monitoring capabilities, which will be a boon for multi-tenant environments that need to calculate chargeback.

  • VCP 5 certification course deadline looms over VMware pros

    VMware pros, who are under pressure to complete their VCP 5 exam before Feb. 29 to avoid additional requirements, yearn for Microsoft-style exams.

  • PVLANs in Hyper-V 3.0: Network isolation without the headaches

    Microsoft Hyper-V 3.0 will introduce PVLANs, a new feature that uses IP address virtualization to solve the network isolation shortcomings of VLANs.

• Cloud computing

  • Keys to integrated cloud application management

    Seamless cloud application management isn’t a pipe dream. By following a few steps, cloud admins can monitor cloud app performance from one interface.

  • Cloud infrastructure providers remain hot commodities

    Cloud infrastructure providers attracted acquisitive suitors last year. Profitable cloud vendors this year will catch the eye of telecoms.

  • Digging deeper into IBM SmartCloud for private clouds

    IBM SmartCloud services give enterprises some options to build private and hybrid clouds and may give IBM a chance to improve its lagging cloud image.

• Enterprise Desktop

  • Internet Explorer 6 apps hinder corporate adoption of Windows 7, IE9

    Organizations still rely on Windows XP and IE6 apps because they're a chore to upgrade. But IT pros can move without ditching legacy IE6 apps or having app compatibility problems.

  • Using Windows 7 Task Manager features for Windows memory management

    To fix your Windows memory management problems, you must first diagnose how memory is allocated. Certain Windows 7 Task Manager features can cure what ails your desktops.

  • Targeted malware attacks, social engineering schemes threaten desktops

    Targeted malware attacks and social engineering schemes such as phishing and whaling pose a growing security threat because cybercriminals are getting help from unwitting users.

• About us
• Contact us
• Site index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget corporate site
• Reprints
• Site map