LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 10-26-2008, 11:42 AM   #1
bourne
Member
 
Registered: Feb 2006
Location: Toronto, Ontario
Distribution: Fedora 10, centos
Posts: 181

Rep: Reputation: 30
Help with PAM and PAM modules


Hey guys..

I am attempting to experiment with PAM on an extra machine that I have lying around. I don't know very much about PAM other than the fact that it deals with security on the system.

I am currently playing around with the system-config-network command in the /etc/pam.d file. I read somewhere that it was possible to make the file so that users using the console could access the network config without having to enter the root password and then make it so that anyone else would have to enter the root password. I think I have managed to narrow down the module that I need to use to accomplish this: pam_console.so

So far though I haven't been able to get the syntax proper. I have been able to make it so that anyone can access the file both from the console and using the GUI without having to enter the root password. But I haven't been able to make it so that only users using something other than the console have to enter the root password.

Can anyone possibly point me to some documentation on the proper syntax to achieve this?

Any suggestions or help would greatly be appreciated
Thank you in advance

cheers
 
Old 10-27-2008, 03:07 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Originally Posted by bourne View Post
I have been able to make it so that anyone can access the file both from the console and using the GUI without having to enter the root password.
In general the GUI part AFAIK relies on regular users having /usr/bin before /bin and /sbin in their path and the app being linked to (/usr/bin/?)userhelper. So I'm wondering if you could describe how you did achieve your goal by other means? And do you have any reason for not using a Sudo NOPASSWD entry?
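An added example, not part of the original post: a small audit script showing why the search-path order mentioned above matters, by reporting whether a command name resolves first to a consolehelper/userhelper symlink or straight to the program. The function names and the temporary directory tree (with the real program placed in usr/sbin) are constructed for illustration.

```shell
#!/bin/sh
# Added example: the directory layout below is constructed, not from the thread.

# Print the first executable named $1 found in the colon-separated path $2.
resolve_in_path() {
    cmd=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -x "$dir/$cmd" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$cmd"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Classify what a user with search path $2 gets when running $1:
#   helper  - a symlink pointing at consolehelper or userhelper
#   direct  - the program itself, with no helper in front of it
#   missing - not found anywhere in the path
classify_command() {
    target=$(resolve_in_path "$1" "$2") || { echo missing; return 0; }
    if [ -L "$target" ]; then
        case $(basename "$(readlink "$target")") in
            consolehelper|userhelper) echo helper; return 0 ;;
        esac
    fi
    echo direct
}

# Constructed demo tree standing in for /usr/bin and /usr/sbin.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/bin" "$root/usr/sbin"
    printf '#!/bin/sh\n' > "$root/usr/bin/consolehelper"
    printf '#!/bin/sh\n' > "$root/usr/sbin/system-config-network"
    chmod +x "$root/usr/bin/consolehelper" "$root/usr/sbin/system-config-network"
    ln -s consolehelper "$root/usr/bin/system-config-network"
    echo "usr/bin first:  $(classify_command system-config-network "$root/usr/bin:$root/usr/sbin")"
    echo "usr/sbin first: $(classify_command system-config-network "$root/usr/sbin:$root/usr/bin")"
    rm -rf "$root"
}
demo
```

On a real system, pass "$PATH" as the second argument to see which of the two a given account would run.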
 
Old 10-28-2008, 09:12 PM   #3
bourne
Member
 
Registered: Feb 2006
Location: Toronto, Ontario
Distribution: Fedora 10, centos
Posts: 181

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by unSpawn View Post
In general the GUI part AFAIK relies on regular users having /usr/bin before /bin and /sbin in their path and the app being linked to (/usr/bin/?)userhelper. So I'm wondering if you could describe how you did achieve your goal by other means? And do you have any reason for not using a Sudo NOPASSWD entry?
Well I hope that I am able to answer your question. I am still very new to the configuration of PAM and its modules.

I managed to achieve what I did using the pam_console.so. I added this option to the system-config-network file in the /etc/pam.d. I am not sure if it was the addition of that module or if it was me just messing around with the entries in that file that enabled the ability to bypass the login or not.

And I didn't use the sudo NOPASSWD entry because I was not aware of it before, to be honest. As I mentioned before, I am still very new to PAM and security in general, so I am doing my best to learn.

Hope I was able to somewhat answer your question.
Sorry for the late response


cheers

todd
 
Old 10-29-2008, 02:54 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
NP, you're not late.


Wrt your OP question
Quote:
Originally Posted by bourne View Post
I have been able to make it so that anyone can access the file both from the console and using the GUI without having to enter the root password. But I haven't been able to make it so that only users using something other than the console have to enter the root password.
I would roll back your edits and read the /usr/share/doc/pam-.*/txts/README.pam_.* files and the manual pages for consolehelper and userhelper. That could help give you better understanding of PAM to discuss the things you're trying to do?...
 
Old 10-30-2008, 09:53 AM   #5
bourne
Member
 
Registered: Feb 2006
Location: Toronto, Ontario
Distribution: Fedora 10, centos
Posts: 181

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by unSpawn View Post
NP, you're not late.


Wrt your OP question

I would roll back your edits and read the /usr/share/doc/pam-.*/txts/README.pam_.* files and the manual pages for consolehelper and userhelper. That could help give you better understanding of PAM to discuss the things you're trying to do?...
Thank you very much for your suggestion, I will indeed attempt to do that. PAM to me seems to be very confusing, but I realize that it is something important that I should learn. I will read the documentation and hopefully be able to better formulate a question.

thank you again


cheers

todd
 
Old 11-01-2008, 12:09 PM   #6
aclark
LQ Newbie
 
Registered: Nov 2008
Distribution: RHEL
Posts: 2

Rep: Reputation: 0
Have you checked out the PAM-USB module?

Andy
 
Old 11-02-2008, 11:48 PM   #7
bourne
Member
 
Registered: Feb 2006
Location: Toronto, Ontario
Distribution: Fedora 10, centos
Posts: 181

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by aclark View Post
Have you checked out the PAM-USB module?

Andy
No, actually I have not checked it out. Is it able to do something similar to what I am trying to do? I will have to check it out and see if I can get it and use it in the way I need it to.

thank you for your suggestion


cheers

todd
 
  

