PAM upgrade procedure (1 box down... more to go)

So the PAM upgrade wasn’t too bad. I updated one box, restarted services, and rebooted to ensure that everything was working correctly. All you really need to do is update some of the files in pam.d.


cd /etc/pam.d
grep pam_stack.so *

When I did this, I also saw rexec, rlogin and rsh. I basically looked for service=system-auth and replaced it with the new format:

OLD:


auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth

NEW:


auth include system-auth
account include system-auth
password include system-auth
session include system-auth

When you’ve changed your configs, emerge or re-emerge pam, and you should be good to go. Remember to restart PAM-related services (e.g. ssh). I’ll be slowly pushing towards other boxes with additional services (ftp, mail, etc.) and will be sure to report if I have any trouble.
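The pam_stack.so to include rewrite described above, as a shell script. This is an added example, not part of the original post. It generalizes from system-auth to any service=NAME, only rewrites lines whose control flag is required, and lists everything else for manual review; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.
# Try it on a scratch copy of /etc/pam.d first.

# Rewrite "<type> required [path/]pam_stack.so service=NAME" as
# "<type> include NAME" in every file of DIR; prints how many files changed.
convert_pam_stack() {
    dir=${1:-/etc/pam.d}
    changed=0
    tmp=$(mktemp) || return 1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in *.bak) continue ;; esac
        sed -E 's#^([[:space:]]*(auth|account|password|session)[[:space:]]+)required[[:space:]]+([^[:space:]]*/)?pam_stack\.so[[:space:]]+service=([^[:space:]]+)[[:space:]]*$#\1include \4#' "$f" > "$tmp"
        if ! cmp -s "$f" "$tmp"; then
            cp -p "$f" "$f.bak"      # keep the old file for rollback
            cat "$tmp" > "$f"        # overwrite in place, keeping owner and mode
            changed=$((changed + 1))
        fi
    done
    rm -f "$tmp"
    echo "$changed"
}

# Print file:line:text for active (uncommented) pam_stack.so lines still in DIR,
# for example ones with a control flag other than "required".
remaining_pam_stack() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in *.bak) continue ;; esac
        grep -n '^[[:space:]]*[^#[:space:]].*pam_stack\.so' "$f" /dev/null || :
    done
}

# Constructed sample: one file in the post's OLD format, one needing review.
pam_stack_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'auth required /lib/security/pam_stack.so service=system-auth' \
        'session required /lib/security/pam_stack.so service=system-auth' > "$d/rsh"
    printf '%s\n' 'auth sufficient /lib/security/pam_stack.so service=system-auth' > "$d/custom"
    echo "files changed: $(convert_pam_stack "$d")"
    cat "$d/rsh"
    echo "left for manual review:"
    remaining_pam_stack "$d"
    rm -rf "$d"
}
```

Anything remaining_pam_stack still prints has to be converted by hand before the upgrade, since the new PAM no longer ships pam_stack.so.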

UPDATE

Make sure you restart vixie-cron after you do the PAM upgrade. If you see logs like this, make sure you restart that service. I didn’t catch it immediately since I get my logs via cron.


Oct 27 09:00:01 comp cron[12459]: PAM unable to dlopen(/lib/security/pam_unix.so)
Oct 27 09:00:01 comp cron[12457]: PAM [dlerror: /lib/security/pam_unix.so: symbol pam_modutil_getlogin, version LIBPAM_MODUTIL_1.0 not defined in file libpam.so.0 with link time reference]
Oct 27 09:00:01 comp cron[12457]: PAM adding faulty module: /lib/security/pam_unix.so
Oct 27 09:00:01 comp cron[12457]: PAM unable to dlopen(/lib/security/pam_limits.so)