Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual page 517

that all modules of the stack have the required control flag, they must all be processed successfully before sshd receives a message about the positive result. If one of the modules is not successful, the entire module stack is still processed and only then is sshd notified about the negative result.

As soon as all modules of the auth type have been successfully processed, another include statement is processed, in this case, that in Example 27.3, "Default Configuration for the account Section" (page 499). common-account contains just one module, pam_unix2. If pam_unix2 returns the result that the user exists, sshd receives a message announcing this success and the next stack of modules (password) is processed, shown in Example 27.4, "Default Configuration for the password Section" (page 499).

Example 27.3 Default Configuration for the account Section

account required        pam_unix2.so

Example 27.4 Default Configuration for the password Section

password required       pam_pwcheck.so  nullok
password required       pam_unix2.so    nullok use_first_pass use_authtok
#password required      pam_make.so     /var/yp

Again, the PAM configuration of sshd involves just an include statement referring to the default configuration for password modules located in common-password. These modules must successfully be completed (control flag required) whenever the application requests the change of an authentication token. Changing a password or another authentication token requires a security check. This is achieved with the pam_pwcheck module. The pam_unix2 module used afterwards carries over any old and new passwords from pam_pwcheck, so the user does not need to authenticate again. This also makes it impossible to circumvent the checks carried out by pam_pwcheck. The modules of the password type should be used wherever the preceding modules of the account or the auth type are configured to complain about an expired password.

Example 27.5 Default Configuration for the session Section

session required        pam_limits.so
session required        pam_unix2.so
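
The following Python sketch is an added example, not part of the Novell manual. It parses the common-password lines from Example 27.4, models the required control flag as described above (every module runs and the result is reported only after the last one), and checks that password modules stacked after pam_pwcheck carry use_authtok. The function names and the module_results input are assumptions made for illustration.

```python
# Added illustration; names are hypothetical. Config lines are from Example 27.4.
COMMON_PASSWORD = """\
password required pam_pwcheck.so nullok
password required pam_unix2.so nullok use_first_pass use_authtok
#password required pam_make.so /var/yp
"""

def parse_stack(text):
    """Return (type, control, module, options) for each active line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed PAM line: {raw!r}")
        entries.append((fields[0], fields[1], fields[2], fields[3:]))
    return entries

def run_required_stack(entries, module_results):
    """Model a stack in which every module is 'required'.
    module_results maps module name -> True/False (constructed input).
    Every module is called; a failure is remembered, not acted on early.
    """
    called, success = [], True
    for _mtype, control, module, _opts in entries:
        if control != "required":
            raise ValueError("model covers only the 'required' flag")
        called.append(module)
        if not module_results[module]:
            success = False
    return success, called

def missing_use_authtok(entries):
    """List password modules stacked after pam_pwcheck without use_authtok.
    Assumption: use_authtok is the option that makes a later module accept
    the new password already vetted by the earlier one instead of asking.
    """
    findings, after_pwcheck = [], False
    for mtype, _control, module, opts in entries:
        if mtype != "password":
            continue
        if after_pwcheck and "use_authtok" not in opts:
            findings.append(module)
        if module == "pam_pwcheck.so":
            after_pwcheck = True
    return findings
```
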
Authentication with PAM
499

This manual is also suitable for:

SUSE Linux Enterprise Server 10
