Deprecated pam_stack module called from service...

Deprecated pam_stack module called from service "sshd"

If you upgraded openssh to v5.x, and see/get the following error message in the /var/log/secure file:

Deprecated pam_stack module called from service "sshd"

Follow these steps to get rid of this error:

1. Using your favorite Linux editor such as vi, edit the file:/etc/pam.d/sshd

Replace these 4 directives:

auth 		required 	pam_stack.so service=system-auth
account 	required 	pam_stack.so service=system-auth
password 	required 	pam_stack.so service=system-auth
session 	required 	pam_stack.so service=system-auth

with

auth      include system-auth
account   include system-auth
password  include system-auth
session   include system-auth

2. Save the file and exit
3. Restart sshd daemon running the command: /sbin/service sshd restart

--------------------------------------------------------------------------------------------

Fixing Linux pam.d issue - Deprecated pam_stack module

This appeared thousands of times in my log:

Deprecated pam_stack module called from service "sshd" 

Not just for sshd, but also for pop and pop3 and smtp. Searching Google for a bit I came across this fix:

Change the lines like this:

auth    required     pam_stack.so service=system-auth 

to this:

auth       include      system-auth 

Do not change the lines that start with ‘account’, only the auth lines. You need to remove all occurances of pam_stack.so. Please see below for a more definitive guide and a link to the complete upgrade guide. Change these in each file that contains the bad line in these places:

/etc/pam.d/ 
/home/virtual/site*/fst/etc/pam.d 

To quickly find the files that need changing you can issue these commands:

grep -l pam_stack.so /etc/pam.d/* 
grep -l pam_stack.so /home/virtual/site*/fst/etc/pam.d/* 

The original solution can be found here.

From the upgrade guide below:

Important: There are four facilities in PAM configuration: auth, account, password and session. You need to update the configuration files for all of them, not just auth.
Please note that you might also need to reorder the calls when making this change, as sometimes modules like pam_nologin were listed after pam_stack, even though they now need to be listed before the include directive.

The original how to can be found here. My apologies for the link above, as it does have the fix, but offers no explanation or how-to for this patching.

Related errors:
Deprecated pam_stack module called from service “pop”
Deprecated pam_stack module called from service “sshd”
Deprecated pam_stack module called from service “smtp”
Deprecated pam_stack module called from service “imap”

资料:

http://www.outofcontrol.ca/thoughts/comments/fixing-linux-pamd-issue-deprecated-pam_stack-module

http://linux.die.net/man/8/pam_stack

你可能感兴趣的:(linux,SSHD)