Configuration Of Pam Modules - Novell LINUX ENTERPRISE DESKTOP 10 SP2 - DEPLOYMENT GUIDE 08-05-2008 Deployment Manual

.conf. The pam_limits module loads the file /etc/security/limits.conf,
which may define limits on the use of certain system resources. The session modules
are called a second time when the user logs out.

24.3 Configuration of PAM Modules

Some of the PAM modules are configurable. The corresponding configuration files are
located in /etc/security. This section briefly describes the configuration files
relevant to the sshd example—pam_unix2.conf, pam_env.conf, pam_pwcheck
.conf, and limits.conf.
24.3.1 pam_unix2.conf
The traditional password-based authentication method is controlled by the PAM module
pam_unix2. It can read the necessary data from /etc/passwd, /etc/shadow,
NIS maps, NIS+ tables, or an LDAP database. The behavior of this module can be in-
fluenced by configuring the PAM options of the individual application itself or globally
by editing /etc/security/pam_unix2.conf. A very basic configuration file
for the module is shown in
Example 24.6 pam_unix2.conf
auth:
account:
password:
session:
The nullok option for module types auth and password specifies that empty
passwords are permitted for the corresponding type of account. Users are also allowed
to change passwords for their accounts. The none option for the module type session
specifies that no messages are logged on its behalf (this is the default). Learn about
additional configuration options from the comments in the file itself and from the
manual page pam_unix2(8).
500 Deployment Guide
Example 24.6, "pam_unix2.conf"
nullok
nullok
none
(page 500).