system-auth file - virtualmin modified?

Hi, I got the following warnings during an update:

[code:1]warning: /etc/yum.repos.d/CentOS-Base.repo created as /etc/yum.repos.d/CentOS-Base.repo.rpmnew
warning: /etc/pam.d/system-auth created as /etc/pam.d/system-auth.rpmnew
warning: /etc/modprobe.d/blacklist-firewire created as /etc/modprobe.d/blacklist-firewire.rpmnew
warning: /etc/smartd.conf created as /etc/smartd.conf.rpmnew[/code:1]

Of particular note to me was the system-auth changes. I’m not really sure what the “ uid >= 500 quiet” et al are for. Here’s what the diff looks like…

[code:1][root@server etc]# diff /etc/pam.d/system-auth /etc/pam.d/system-auth.rpmnew
< auth sufficient nullok try_first_pass
< auth requisite uid >= 500 quiet

> auth sufficient try_first_pass nullok
< account sufficient uid < 500 quiet
< account required
< password requisite try_first_pass retry=3
< password sufficient md5 shadow nullok try_first_pass use_authtok

> password required try_first_pass retry=3
> password sufficient try_first_pass use_authtok nullok md5 shadow[/code:1]

Anyone know if it’s okay for me to apply the new rpm? Are any of these settings related to virtualmin?

None are related to Virtualmin.

I’m sure the CentOS/RHEL folks know what they’re doing. At least, I hope so, since we’re all trusting them. :wink:

I see this file too
can I just rename /etc/pam.d/system-auth to /etc/pam.d/system-auth.old
/etc/pam.d/system-auth.rpmnew to /etc/pam.d/system-auth ?

Yeah, that’d work. I’m not sure what it’s intended to correct, but, again, I guess they know what they’re doing.

Oh, but even though we trust the Red Hat folks, I would suggest testing logins after making the change before ending your root session (e.g. start up another ssh session and make sure you can login). I don’t think system-auth has any impact on Webmin’s logins, even if you’re using PAM with Webmin, so you could probably fix any problems via Webmin…but better to be safe when talking about a remote server and PAM.

(For those having no idea what I’m talking about: PAM is the pluggable authentication modules system, which provides the mechanisms by with users are authenticated, or logged into, a Linux or UNIX system. If PAM is broken, logins will be broken. So, it is a potentially dangerous thing to tinker with.)