3

I'm trying to change pam.d/system_auth to help with password complexity as required by an audit.

I'm not familiar with PAM, but the system_auth file says

This file is auto generated User changes will be destroyed the next time authconfig is run.

Is there a proper way to edit permanent changes into system_auth rather than simply editing or am I misunderstanding the warning?

All I need to do is add some simple tally's and minlen, dcredit, ocredit, etc.

Evan
  • 177
  • 2
  • 8

1 Answers1

4

There's no reason you couldn't edit it directly. You just have to remember that if you run authconfig, your changes will likely be blown away. We certainly edit the file directly on all of our systems because authconfig isn't flexible enough for our tastes (and doesn't fit in well with the config management tools we use).

So, it's safe as long as you understand the constraints surrounding it's editing.

Travis Campbell
  • 1,456
  • 7
  • 15
  • is there any reason that authconfig could be run by something else and nullify my changes? – Evan Jul 21 '09 at 20:07
  • Not that I'm aware of. system-config-authentication runs it on the backend I _think_ (or atleast has the same functions provided to you in a gui form factor). – Travis Campbell Aug 03 '09 at 18:15