Re: gdm: through to the next round

["Guillermo S. Romero / Familia Romero" <famrom infernal-iceberg com>]

i a uemlianin celtic co uk (2001-06-26 at 2133.11 +0100):
> > See whether creating /etc/pam.d/gdm as a symlink pointing to the 
> > /opt/gnome... one works ...
> This works! ... the problem with pam is fixed, but I'm not home and
> dry yet.  
> I get the splash login screen but, typing in my login details gets
> 'Authentication failed' for all users *and* root.  I don't even get to
> type my password.  Is gdm not finding /etc/passwd?

If you are using PAM, the apps never touch the real files. And in
modern OS, the passwords go in /etc/shadow. You should check the PAM
config file, probably something is wrong (PAM system follows the
checks and ooops, one or more requisites not fulfilled, so auth
fails).

You should read the security logs, maybe put the system in debug mode
and read what is going.

Here is the gdm file for a RH62.
---8<--
#%PAM-1.0
auth       required     /lib/security/pam_pwdb.so shadow nullok
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
session    required     /lib/security/pam_pwdb.so
session    optional     /lib/security/pam_console.so
--->8---

The debug mode is enable by adding "debug" to each line, as "shadow"
parameter is. BTW, are you sure PAM follows symlinks? Sometimes libs
or apps do not work if they found symlinks, weird permissions or other
"small details" (that in the hands of a bastard become your worst
nightmare, aka they are not supported to avoid attacks, last one I
learned is that SETUID scripts do not work in Linux).

GSR