What is the proper way to configure PAM?
I need to make an encrypted home directory for myself (the owner and administrator of the system). I decided to do it using the pam_exec module to mount an encrypted partition on my login. Then I started to look into the PAM docs in Fedora and quickly spotted, that the current PAM config files are generated by another tool, authselect
, and the files have a warning not to modify them manually:
$cat /etc/pam.d/postlogin
#Generated by authselect on Tue Mar 12 08:04:20 2019
#Do not modify this file manually.
…
So I started to look into the authselect docs, tried a command sudo authselect check
to check whether my current authselect profile's config is correct and it reported an error:
[error] [/etc/nsswitch.conf] is not a symbolic link!
[error] [/etc/nsswitch.conf] was not created by authselect!
Current configuration is not valid. It was probably modified outside authselect.
The file nsswitch.conf
has not been changed since I installed the system, so I'm sure it's Fedora's default (it also has the same head warning as the PAM config files and the same date of creation). So it looks like Fedora itself pays no heed to the warning not to modify those files manually.
So my questions are:
- what is the proper way to modify PAM config files?
- am I supposed to use
authselect
? - may I change the config files manually?
If someone has a better way to make an encrypted home directory, I would appreciate to learn about it.
I found a couple of reported bugs related to various files' modifications made by other tools, while the files are supposed to be modified only by authselect:
So currently I've decided to disregard the authselect warning and just edit PAM config manually (I might need to make the same changes after a system upgrade).
Thank you in advance
Hi~!! See the related article for fedora System.