jf wrote:
> I did update all the configurations files that I thought I had to, but I
> still get 5 files to update, and, as they are related to pam ( which I
> thought was not used anymore ), I don't know what to do, I wouldn' like to
> get login problems ;) . Could anyone help me with that ?
> ********************************
> 1) /etc/conf.d/hostname (1)
> 2) /etc/pam.d/login (1)
> 3) /etc/securetty (1)
> 4) /etc/pam.d/sshd (1)
> 5) /etc/pam.d/system-auth (1)
> Please select a file to edit by entering the corresponding number.
> (don't use -3, -5, -7 or -9 if you're unsure what to do)
> (-1 to exit) (-3 to auto merge all remaining files)
> (-5 to auto-merge AND not use 'mv -i')
> (-7 to discard all updates)
> (-9 to discard all updates AND not use 'rm -i'):
> ********************************

Use dispatch-conf instead of etc-update. It shows what the differences
are and offers to merge them or simply use the new ones.

jf <cestpasjihef@free.fr> wrote:
> Hi u all :)
> I've recently ( with your help :) ) , completely reinstalled my
> Gentoo, and it works well ( some things could be optimzed, but it's
> OK for now ;) ). I make a emerge --sync and emerge -uDv world to keep
> my system up-to-date . I did update all the configurations files that
> I thought I had to, but I still get 5 files to update, and, as they
> are related to pam ( which I thought was not used anymore ), I don't
> know what to do, I wouldn' like to get login problems ;) . Could
> anyone help me with that ? ********************************
> 1) /etc/conf.d/hostname (1)
> 2) /etc/pam.d/login (1)
> 3) /etc/securetty (1)
> 4) /etc/pam.d/sshd (1)
> 5) /etc/pam.d/system-auth (1)
> Please select a file to edit by entering the corresponding number.
> (don't use -3, -5, -7 or -9 if you're unsure what to do)
> (-1 to exit) (-3 to auto merge all remaining files)
> (-5 to auto-merge AND not use 'mv -i')
> (-7 to discard all updates)
> (-9 to discard all updates AND not use 'rm
> -i'): ********************************
>
> Thanks a lot,

Automated merge is something I wouldn't recommend. Do a diff on the files,
and eyeball the actual differences:

cd /etc
find . -name '._*'
diff /etc/wherever/._cfg0000_filename /etc/wherever/filename
(for each file found)

In the output, what's marked with < is present only in the first (new) file,
what's marked with > is only in the second (old) file.
If something is in the older file and not in the ._* file, and it looks like
a sensible thing to keep, edit the ._cfg* file, then do another diff to
verify that there's not anything more you need, and when you're satisfied,
move the ._cfg* file onto the old file:
mv /etc/wherever/._cfg0000_filename /etc/wherever/filename

In some cases, options change, in which case it's /usually/ mentioned in a
comment (which will show up with "< #" preceding it in the new file), which
helps you make the change. However, in some cases, you need to check the
man page.
If in doubt, and there doesn't appear to be any changes in the diffs that
you might have manually put there, just assume that the new file (._cfg*
file) has a sensible default, and move it into place.

Chances are, based on you asking this, that there's nothing in the old
/etc/pam.d/* and /etc/securetty files you want to keep, so just move the
.._cfg* files over the real file for those. The hostname file, however, is
almost certainly one you have modified (if it isn't, it *should* have been),
so you want to make sure that the HOSTNAME="whatever" line gets edited into
to the new (._cfg0000_hostname) file before moving it over. (If that's the
/only/ difference when doing diff, just rm the ._cfg file instead of
editing/copying).

If paranoid, which good Unix admins tend to be, you will also make a copy of
the unmodified ._cfg file so you have the defaults, and also make a backup
copy of your old file before moving the ._cfg file over it:
cp /etc/._cfg0000_somefile /etc/somefile.default
cp /etc/somefile /etc/somefile.O
vi /etc/._cfg0000_somefile
mv /etc/._cfg0000_somefile /etc/somefile
This leaves you with three files:
/etc/somefile # the active file
/etc/somefile.default # the unedited defaults for this file
/etc/somefile.O # the old version of the file

(The reason for my using filename.O and not, for instance, filename.bak is a
historical preference: several commercial Unix versions use .N and .O for
new and old files (filename.N would be equivalent to gentoo's
.._cfg0000_filename), and there are tools that understand that convention.
If you're an old Windows user, you might want to use .bak instead. It
doesn't really matter unless you use tools that look at how the file is
named.)

Regards,
--
*Art

jf wrote:
> Hi u all :)
> I've recently ( with your help :) ) , completely reinstalled my Gentoo, and
> it works well ( some things could be optimzed, but it's OK for now ;) ). I
> make a emerge --sync and emerge -uDv world to keep my system up-to-date . I
> did update all the configurations files that I thought I had to, but I
> still get 5 files to update, and, as they are related to pam ( which I
> thought was not used anymore ), I don't know what to do, I wouldn' like to
> get login problems ;) . Could anyone help me with that ?
> ********************************
> 1) /etc/conf.d/hostname (1)
> 2) /etc/pam.d/login (1)
> 3) /etc/securetty (1)
> 4) /etc/pam.d/sshd (1)
> 5) /etc/pam.d/system-auth (1)
> Please select a file to edit by entering the corresponding number.
> (don't use -3, -5, -7 or -9 if you're unsure what to do)
> (-1 to exit) (-3 to auto merge all remaining files)
> (-5 to auto-merge AND not use 'mv -i')
> (-7 to discard all updates)
> (-9 to discard all updates AND not use 'rm -i'):
> ********************************

If you select '1', you will generally get the difference between the
current version and the version portage wanted to install, then you have
different options, keep the old one, use the new one or make a
interactive update (this option is quite difficult). Check the
difference, make up your mind what to do with the hostname file and then
repeat this with those files you have done changes on, files you never
have done any changes, leave those to last and run a -5.



--

//Aho

Hi u all :)
I've recently ( with your help :) ) , completely reinstalled my Gentoo, and
it works well ( some things could be optimzed, but it's OK for now ;) ). I
make a emerge --sync and emerge -uDv world to keep my system up-to-date . I
did update all the configurations files that I thought I had to, but I
still get 5 files to update, and, as they are related to pam ( which I
thought was not used anymore ), I don't know what to do, I wouldn' like to
get login problems ;) . Could anyone help me with that ?
********************************
1) /etc/conf.d/hostname (1)
2) /etc/pam.d/login (1)
3) /etc/securetty (1)
4) /etc/pam.d/sshd (1)
5) /etc/pam.d/system-auth (1)
Please select a file to edit by entering the corresponding number.
(don't use -3, -5, -7 or -9 if you're unsure what to do)
(-1 to exit) (-3 to auto merge all remaining files)
(-5 to auto-merge AND not use 'mv -i')
(-7 to discard all updates)
(-9 to discard all updates AND not use 'rm -i'):
********************************

Thanks a lot,
jf

Nikos Chantziaras wrote:
>
> Use dispatch-conf instead of etc-update. It shows what the differences
> are and offers to merge them or simply use the new ones.

here are the answers :
***********************
# /etc/conf.d/hostname

# Set to the hostname of this machine
-HOSTNAME="jef"
+HOSTNAME="localhost"

>> (1 of 5) -- /etc/conf.d/hostname
>> q quit, h help, n next, e edit-new, z zap-new, u use-new
m merge, t toggle-merge, l look-merge:
************************* the following is one that scares me ;)
--- /etc/pam.d/login 2007-04-20 00:54:26.000000000 +0000
+++ /etc/pam.d/._cfg0000_login 2008-04-04 19:54:23.000000000 +0000
@@ -1,24 +1,21 @@
#%PAM-1.0

auth required pam_securetty.so
-auth include system-auth
-auth required pam_tally.so file=/var/log/faillog onerr=succeed
no_magic_root
+auth required pam_tally.so file=/var/log/faillog onerr=succeed
auth required pam_shells.so
auth required pam_nologin.so
+auth include system-auth

account required pam_access.so
account include system-auth
-account required pam_tally.so deny=0 file=/var/log/faillog
onerr=succeed no_magic_root
+account required pam_tally.so file=/var/log/faillog onerr=succeed

password include system-auth

-session include system-auth
session required pam_env.so
session optional pam_lastlog.so
session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so
************************************ this one too
--- /etc/pam.d/sshd 2007-04-20 00:54:30.000000000 +0000
+++ /etc/pam.d/._cfg0000_sshd 2008-04-04 20:21:05.000000000 +0000
@@ -1,8 +1,8 @@
#%PAM-1.0

-auth include system-auth
auth required pam_shells.so
auth required pam_nologin.so
+auth include system-auth
account include system-auth
password include system-auth
session include system-auth

>> (3 of 5) -- /etc/pam.d/sshd
>> q quit, h help, n next, e edit-new, z zap-new, u use-new
m merge, t toggle-merge, l look-merge:
****************** and this ;)
--- /etc/pam.d/system-auth 2007-04-20 00:54:20.000000000 +0000
+++ /etc/pam.d/._cfg0000_system-auth 2008-04-04 19:32:52.000000000 +0000
@@ -1,13 +1,13 @@
#%PAM-1.0

auth required pam_env.so
-auth sufficient pam_unix.so likeauth nullok
+auth sufficient pam_unix.so try_first_pass likeauth nullok
auth required pam_deny.so

account required pam_unix.so

-password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2
retry=3
-password sufficient pam_unix.so nullok md5 shadow use_authtok
+password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2
try_first_pass retry=3
+password sufficient pam_unix.so try_first_pass use_authtok nullok md5
shadow
password required pam_deny.so

session required pam_limits.so

>> (4 of 5) -- /etc/pam.d/system-auth
>> q quit, h help, n next, e edit-new, z zap-new, u use-new
m merge, t toggle-merge, l look-merge:
*********** and the last one
--- /etc/securetty 2008-03-29 20:24:23.000000000 +0000
+++ /etc/._cfg0000_securetty 2008-04-04 19:54:09.000000000 +0000
@@ -1,5 +1,7 @@
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
+console
+
vc/0
vc/1
vc/2
@@ -29,4 +31,3 @@

tts/0
ttyS0
-tts/0

>> (5 of 5) -- /etc/securetty
>> q quit, h help, n next, e edit-new, z zap-new, u use-new
m merge, t toggle-merge, l look-merge:

**********************
thanks again
jf
-# If you want to enable pam_console, uncomment the following line
-# and read carefully README.pam_console in /usr/share/doc/pam*
-#session optional pam_console.so
+session include system-auth

Nikos Chantziaras <realnc@arcor.de> writes:

>jf wrote:
>> I did update all the configurations files that I thought I had to, but I
>> still get 5 files to update, and, as they are related to pam ( which I
>> thought was not used anymore ), I don't know what to do, I wouldn' like to
>> get login problems ;) . Could anyone help me with that ?

Update the files.

>> ********************************
>> 1) /etc/conf.d/hostname (1)

The name of your computer.

>> 2) /etc/pam.d/login (1)
The login things which you need.

>> 3) /etc/securetty (1)
The security options for your tty(ie is root allowed to log in on one of
those ttys.)

>> 4) /etc/pam.d/sshd (1)
>> 5) /etc/pam.d/system-auth (1)

And two other pam modules.


>> Please select a file to edit by entering the corresponding number.
>> (don't use -3, -5, -7 or -9 if you're unsure what to do)
>> (-1 to exit) (-3 to auto merge all remaining files)
>> (-5 to auto-merge AND not use 'mv -i')
>> (-7 to discard all updates)
>> (-9 to discard all updates AND not use 'rm -i'):
>> ********************************

>Use dispatch-conf instead of etc-update. It shows what the differences
>are and offers to merge them or simply use the new ones.

Also a good idea.

It looks like you want to change the hostname, (Ie leave the old file
there) and in all the others accept the new default (the try_first_pass is
the main new option in pam, and I have no idea what it does. )


jf <cestpasjihef@free.fr> writes:

>Nikos Chantziaras wrote:
>>
>> Use dispatch-conf instead of etc-update. It shows what the differences
>> are and offers to merge them or simply use the new ones.

>here are the answers :
>***********************
> # /etc/conf.d/hostname

> # Set to the hostname of this machine
>-HOSTNAME="jef"
>+HOSTNAME="localhost"

>>> (1 of 5) -- /etc/conf.d/hostname
>>> q quit, h help, n next, e edit-new, z zap-new, u use-new
> m merge, t toggle-merge, l look-merge:
>************************* the following is one that scares me ;)
>--- /etc/pam.d/login 2007-04-20 00:54:26.000000000 +0000
>+++ /etc/pam.d/._cfg0000_login 2008-04-04 19:54:23.000000000 +0000
>@@ -1,24 +1,21 @@
> #%PAM-1.0

> auth required pam_securetty.so
>-auth include system-auth
>-auth required pam_tally.so file=/var/log/faillog onerr=succeed
>no_magic_root
>+auth required pam_tally.so file=/var/log/faillog onerr=succeed
> auth required pam_shells.so
> auth required pam_nologin.so
>+auth include system-auth

> account required pam_access.so
> account include system-auth
>-account required pam_tally.so deny=0 file=/var/log/faillog
>onerr=succeed no_magic_root
>+account required pam_tally.so file=/var/log/faillog onerr=succeed

> password include system-auth

>-session include system-auth
> session required pam_env.so
> session optional pam_lastlog.so
> session optional pam_motd.so motd=/etc/motd
> session optional pam_mail.so
>************************************ this one too
>--- /etc/pam.d/sshd 2007-04-20 00:54:30.000000000 +0000
>+++ /etc/pam.d/._cfg0000_sshd 2008-04-04 20:21:05.000000000 +0000
>@@ -1,8 +1,8 @@
> #%PAM-1.0

>-auth include system-auth
> auth required pam_shells.so
> auth required pam_nologin.so
>+auth include system-auth
> account include system-auth
> password include system-auth
> session include system-auth

>>> (3 of 5) -- /etc/pam.d/sshd
>>> q quit, h help, n next, e edit-new, z zap-new, u use-new
> m merge, t toggle-merge, l look-merge:
>****************** and this ;)
>--- /etc/pam.d/system-auth 2007-04-20 00:54:20.000000000 +0000
>+++ /etc/pam.d/._cfg0000_system-auth 2008-04-04 19:32:52.000000000 +0000
>@@ -1,13 +1,13 @@
> #%PAM-1.0

> auth required pam_env.so
>-auth sufficient pam_unix.so likeauth nullok
>+auth sufficient pam_unix.so try_first_pass likeauth nullok
> auth required pam_deny.so

> account required pam_unix.so

>-password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2
>retry=3
>-password sufficient pam_unix.so nullok md5 shadow use_authtok
>+password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2
>try_first_pass retry=3
>+password sufficient pam_unix.so try_first_pass use_authtok nullok md5
>shadow
> password required pam_deny.so

> session required pam_limits.so

>>> (4 of 5) -- /etc/pam.d/system-auth
>>> q quit, h help, n next, e edit-new, z zap-new, u use-new
> m merge, t toggle-merge, l look-merge:
>*********** and the last one
>--- /etc/securetty 2008-03-29 20:24:23.000000000 +0000
>+++ /etc/._cfg0000_securetty 2008-04-04 19:54:09.000000000 +0000
>@@ -1,5 +1,7 @@
> # /etc/securetty: list of terminals on which root is allowed to login.
> # See securetty(5) and login(1).
>+console
>+
> vc/0
> vc/1
> vc/2
>@@ -29,4 +31,3 @@

> tts/0
> ttyS0
>-tts/0

>>> (5 of 5) -- /etc/securetty
>>> q quit, h help, n next, e edit-new, z zap-new, u use-new
> m merge, t toggle-merge, l look-merge:

>**********************
>thanks again
>jf
>-# If you want to enable pam_console, uncomment the following line
>-# and read carefully README.pam_console in /usr/share/doc/pam*
>-#session optional pam_console.so
>+session include system-auth

Unruh wrote:

>
> It looks like you want to change the hostname, (Ie leave the old file
> there) and in all the others accept the new default (the try_first_pass is
> the main new option in pam, and I have no idea what it does. )
>

Thanks again, I've done that. I still have a lot to learn ;)

regards,
jf

On Mon, 21 Apr 2008, jf wrote:

> Unruh wrote:
>
>>
>> It looks like you want to change the hostname, (Ie leave the old file
>> there) and in all the others accept the new default (the try_first_pass is
>> the main new option in pam, and I have no idea what it does. )
>>
>
> Thanks again, I've done that. I still have a lot to learn ;)

Start by using dispatch-conf instead of etc-update. Configure it to use
RCS and replace unmodified files and you will find that it automatically
handles updates to most of the /etc files.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <Pine.LNX.4.64.0804222130190.17907@newhome>, Whoever wrote:

> On Mon, 21 Apr 2008, jf wrote:
>
>> Unruh wrote:
>>
>>>
>>> It looks like you want to change the hostname, (Ie leave the old file
>>> there) and in all the others accept the new default (the try_first_pass
>>> is the main new option in pam, and I have no idea what it does. )
>>>
>>
>> Thanks again, I've done that. I still have a lot to learn ;)
>
> Start by using dispatch-conf instead of etc-update. Configure it to use
> RCS and replace unmodified files and you will find that it automatically
> handles updates to most of the /etc files.

Better yet, try using cfg-update instead of both dispatch-conf and
etc-update. I have used all 3 and found cfg-update to be the most automatic
of them.

- --
Regards

Dave [RLU#314465]
================================================== ====
dwnoon@spamtrap.ntlworld.com (David W Noon)
Remove spam trap to reply via e-mail.
================================================== ====

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkgPOD4ACgkQ9MqaUJQw2MkFFgCfQUk1Qy1ycn Q+tVbflLU6gXnx
HHYAoKF6d8W9H0mZUtsvf8QsGpWXwn8a
=k3JN
-----END PGP SIGNATURE-----