Pam upgrade procedure (1 box down.. more to go)

So the Pam upgrade wasn't too bad. I updated one box, restarted services, and rebooted to ensure that everything is working correctly. All you really need to do is update some of the files in pam.d.

cd /etc/pam.d
grep *

When I did this, I also saw rexec, rlogin and rsh. I basically looked for service=system-auth and replaced it with the new format:


auth       required    /lib/security/ service=system-auth
account    required    /lib/security/ service=system-auth
password   required    /lib/security/ service=system-auth
session    required    /lib/security/ service=system-auth


auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth

When you've changed your configs, emerge or re-emerge pam, and you should be good to go. Remember to restart pam related services (ie: ssh). I'll be slowly pushing towards other boxes with additional services (ie: ftp, mail, etc) and will be sure to report if I had any trouble.


Make sure you restart vixie-cron after you do the pam upgrade. If you see logs like this, make sure you restart that service. I didn't catch it immediately since I get my logs via cron.

Oct 27 09:00:01 comp cron[12459]: PAM unable to dlopen(/lib/security/
Oct 27 09:00:01 comp cron[12457]: PAM [dlerror: /lib/security/ symbol pam_modutil_getlogin, version LIBPAM_MODUTIL_1.0 not defined in file with link time reference]
Oct 27 09:00:01 comp cron[12457]: PAM adding faulty module: /lib/security/
Oct 27 09:00:01 comp cron[12457]: PAM unable to dlopen(/lib/security/