- quagga.pam: pam_stack.so module is deprecated, use 'include' instead.

- quagga.pam.stack: the old pam_stack way, kept to allow spec file to backwards compatible (changes to spec file pending local testing)
2025-06-13 21:28:27 +00:00 · 2005-11-04 12:25:23 +00:00 · 2005-11-04 12:25:23 +00:00 · 8570676c4f
commit 8570676c4f
parent 11967e9254
2 changed files with 36 additions and 10 deletions
--- a/redhat/quagga.pam
+++ b/redhat/quagga.pam
@ -4,12 +4,12 @@
 ##### if running quagga as root:
 # Only allow root (and possibly wheel) to use this because enable access
 # is unrestricted.
-auth       sufficient   /lib/security/$ISA/pam_rootok.so
+auth       sufficient   pam_rootok.so

 # Uncomment the following line to implicitly trust users in the "wheel" group.
-#auth       sufficient   /lib/security/$ISA/pam_wheel.so trust use_uid
+#auth       sufficient   pam_wheel.so trust use_uid
 # Uncomment the following line to require a user to be in the "wheel" group.
-#auth       required     /lib/security/$ISA/pam_wheel.so use_uid
+#auth       required     pam_wheel.so use_uid
 ###########################################################

 # If using quagga privileges and with a seperate group for vty access, then
@ -17,10 +17,10 @@ auth       sufficient   /lib/security/$ISA/pam_rootok.so
 # check for valid user/password, eg:
 #
 # only allow local users.
-#auth       required     /lib/security/$ISA/pam_securetty.so
-#auth       required     /lib/security/$ISA/pam_stack.so service=system-auth
-#auth       required     /lib/security/$ISA/pam_nologin.so
-#account    required     /lib/security/$ISA/pam_stack.so service=system-auth
-#password   required     /lib/security/$ISA/pam_stack.so service=system-auth
-#session    required     /lib/security/$ISA/pam_stack.so service=system-auth
-#session    optional     /lib/security/$ISA/pam_console.so
+#auth       required     pam_securetty.so
+#auth       include      system-auth
+#auth       required     pam_nologin.so
+#account    include      system-auth
+#password   include      system-auth
+#session    include      system-auth
+#session    optional     pam_console.so
--- a/redhat/quagga.pam.stack
+++ b/redhat/quagga.pam.stack
@ -0,0 +1,26 @@
+#%PAM-1.0
+#
+
+##### if running quagga as root:
+# Only allow root (and possibly wheel) to use this because enable access
+# is unrestricted.
+auth       sufficient   /lib/security/$ISA/pam_rootok.so
+
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth       sufficient   /lib/security/$ISA/pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth       required     /lib/security/$ISA/pam_wheel.so use_uid
+###########################################################
+
+# If using quagga privileges and with a seperate group for vty access, then
+# access can be controlled via the vty access group, and pam can simply
+# check for valid user/password, eg:
+#
+# only allow local users.
+#auth       required     /lib/security/$ISA/pam_securetty.so
+#auth       required     /lib/security/$ISA/pam_stack.so service=system-auth
+#auth       required     /lib/security/$ISA/pam_nologin.so
+#account    required     /lib/security/$ISA/pam_stack.so service=system-auth
+#password   required     /lib/security/$ISA/pam_stack.so service=system-auth
+#session    required     /lib/security/$ISA/pam_stack.so service=system-auth
+#session    optional     /lib/security/$ISA/pam_console.so