====== UM on Gentoo Linux ======
===== System preparation =====
The description below covers the case where authentication is done only against RSBAC.\\
First read the howto [[http://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/user_management|handbook user management]]
and [[http://www.rsbac.org/wiki/experiences/telmich#migrating_users_and_groups_to_rsbac_management|migrating users and groups to rsbac management]].
Point 9 applies to a Debian system.
On Gentoo, the main file to edit is '/etc/pam.d/system-auth'.

Content of /etc/pam.d/system-auth:
<code>
auth required pam_env.so
auth required pam_unix.so try_first_pass likeauth nullok
auth optional pam_permit.so
account required pam_unix.so
account optional pam_permit.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow
password optional pam_permit.so
session required pam_limits.so
session required pam_env.so
session required pam_unix.so
session optional pam_permit.so
</code>
To activate the UM, replace every pam_unix.so with pam_rsbac.so.\\
Attention: this should only be done after all migration tasks have been completed.

The following content allows authentication only against RSBAC:
<code>
auth required pam_env.so
auth required pam_rsbac.so
auth optional pam_permit.so
account required pam_rsbac.so
account optional pam_permit.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password required pam_rsbac.so
password optional pam_permit.so
session required pam_limits.so
session required pam_env.so
session required pam_rsbac.so
session optional pam_permit.so
</code>
To fully switch to RSBAC UM read [[http://www.rsbac.org/documentation/rsbac_handbook/configuration_basics/user_management#switch_over|Switch over]].