How do I test the changes to the pam.d configuration files:
- Do I need to restart the PAM service to test the changes?
- Should I go through every service listed in the /etc/pam.d/ directory?
I'm about to make changes to the pam.d/common-* files in an effort to put an Ubuntu box into an Active Directory controlled network.
I'm just learning what to do, so I'm preparing the configuration in a VM, which I plan to deploy on metal in the coming week.
It is a clean install of Ubuntu 10.04 Beta 2 server, so other than the SSH daemon, all other services are stock.
PAM configuration files are read dynamically. To test, you can authenticate to the appropriate software and view the logs.
It is often wise to understand all the configuration files in question if you are attempting to make expansive configuration changes.
PAM man page
I usually use pamtester for checking the PAM configuration; this way I can check whether all restrictions are working correctly on all services that have specific config files, without using specific clients for each and every service.
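To narrow down which services need re-testing after an edit to one of the common-* files, the sketch below lists the service files in a pam.d directory that pull in a given shared file and prints a matching pamtester command for each. It is an added example, not part of any answer above; the function names `pam_services_using` and `pamtester_plan` are hypothetical, and it assumes the Debian/Ubuntu `@include` convention plus the Linux-PAM `include`/`substack` controls.

```shell
#!/bin/sh
# Added example: find PAM services affected by a change to a shared
# common-* file, then print (not run) pamtester commands for them.

# pam_services_using <shared-file> [pam.d dir]
# Prints one service name per line.
pam_services_using() {
    shared=$1
    dir=${2:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        svc=$(basename "$f")
        # The shared files themselves are not services.
        case $svc in common-*) continue ;; esac
        # Match "@include common-auth" and "auth include common-auth"
        # (or substack); commented-out lines are ignored.
        if awk -v s="$shared" '
            /^[ \t]*#/ { next }
            $1 == "@include" && $2 == s { found = 1 }
            ($2 == "include" || $2 == "substack") && $3 == s { found = 1 }
            END { exit !found }' "$f"; then
            echo "$svc"
        fi
    done
}

# pamtester_plan <user> <shared-file> [pam.d dir]
# Maps the shared file to the pamtester operation that exercises it.
pamtester_plan() {
    user=$1 shared=$2 dir=${3:-/etc/pam.d}
    case $shared in
        common-auth)     ops="authenticate" ;;
        common-account)  ops="acct_mgmt" ;;
        common-session)  ops="open_session close_session" ;;
        common-password) ops="chauthtok" ;;
        *) echo "unknown shared file: $shared" >&2; return 1 ;;
    esac
    pam_services_using "$shared" "$dir" | while read -r svc; do
        echo "pamtester -v $svc $user $ops"
    done
}

# Example (user name is a placeholder):
#   pamtester_plan testuser common-auth
```

Keep a root shell open while running the printed commands, so a broken stack can be reverted without having to authenticate again.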
Try using OSSEC (http://ossec-docs.readthedocs.io/en/latest/index.html); it notifies you about changes to pam.d/common.