Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 37

2 Add a new authentication method.
(for example, LDAP) to your stack of PAM modules comes down to a simple
pam-config --add --ldap command. LDAP is added wherever appropri-
ate across all common-*-pc PAM configuration files.
3 Add debugging for test purposes.
procedure works as planned, turn on debugging for all PAM-related operations.
The pam-config --add --ldap-debug turns on debugging for LDAP-
related PAM operations. Find the debugging output in /var/log/messages.
4 Query your setup.
whether it contains all the options you planned to add. The pam-config
--query --module lists both the type and the options for the queried PAM
module.
5 Remove the debug options.
setup when you are entirely satisfied with the performance of it. The
pam-config --delete --ldap-debug turns of debugging for LDAP
authentication. In case you had debugging options added for other modules, use
similar commands to turn these off.
When you create your PAM configuration files from scratch using the pam-config
--create command, it creates symbolic links from the common-* to the
common-*-pc files. pam-config only modifies the common-*-pc configuration
files. Removing these symbolic links effectively disable pam-config, because pam-
config only operates on the common-*-pc files and these files are not put into effect
without the symbolic links.
For more information on the pam-config command and the options available, refer
to the manual page of pam-config, pam-config(8).
Adding a new authentication method
To make sure the new authentication
Before you finally apply your new PAM setup, check
Finally, remove the debug option from your
Authentication with PAM 25