UM on Gentoo Linux

The description below take the case to only use authenticate against rsbac.
Read this howto handbook user-managment and migrating users and groups to rsbac management.

The point 9. is valid for a Debian system. On a Gentoo is the main file to edit '/etc/pam.d/system-auth'.

Content from /etc/pam.d/system-auth

auth		required	pam_env.so 
auth		required	pam_unix.so try_first_pass likeauth nullok 
auth		optional	pam_permit.so
 
account		required	pam_unix.so 
account		optional	pam_permit.so
 
password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 credit=2 retry=3 
password	required	pam_unix.so try_first_pass use_authtok nullok sha512 shadow 
password	optional	pam_permit.so
 
session		required	pam_limits.so 
session		required	pam_env.so 
session		required	pam_unix.so 
session		optional	pam_permit.so

To activate the UM, replace all pam_unix.so with pam_rsbac.so.
Attention this should only done when all task for migration are done before.

The follow content allow only to authenticate against rsbac.

auth		required	pam_env.so 
auth          required    pam_rsbac.so
auth		optional	pam_permit.so
 
account     required    pam_rsbac.so 
account	optional	pam_permit.so
 
 
password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 
password   required    pam_rsbac.so
password	optional	pam_permit.so
 
session	required	pam_limits.so 
session	required	pam_env.so 
session      required    pam_rsbac.so
session	optional	pam_permit.so

To fully switch to RSBAC UM read Switch over.