Table of Contents
Advertisement
As the final step, the modules of the session type, bundled in the common-session
file are called to configure the session according to the settings for the user in question.
Although pam_unix2 is processed again, it has no practical consequences due to its
none option specified in the respective configuration file of this module, pam_unix2
.conf. The pam_limits module loads the file /etc/security/limits.conf,
which may define limits on the use of certain system resources. The session modules
are called a second time when user logs out.
27.3 Configuration of PAM Modules
Some of the PAM modules are configurable. The corresponding configuration files are
located in /etc/security. This section briefly describes the configuration files
relevant to the sshd example—pam_unix2.conf, pam_env.conf, pam_pwcheck
.conf, and limits.conf.
27.3.1 pam_unix2.conf
The traditional password-based authentication method is controlled by the PAM module
pam_unix2. It can read the necessary data from /etc/passwd, /etc/shadow,
NIS maps, NIS+ tables, or an LDAP database. The behavior of this module can be in-
fluenced by configuring the PAM options of the individual application itself or globally
by editing /etc/security/pam_unix2.conf. A very basic configuration file
for the module is shown in
Example 27.6 pam_unix2.conf
auth:
account:
password:
session:
The nullok option for module types auth and password specifies that empty
passwords are permitted for the corresponding type of account. Users are also allowed
to change passwords for their accounts. The none option for the module type session
specifies that no messages are logged on its behalf (this is the default). Learn about
additional configuration options from the comments in the file itself and from the
manual page pam_unix2(8).
500
Installation and Administration
Example 27.6, "pam_unix2.conf"
nullok
nullok
none
(page 500).
Advertisement
Table of Contents
Troubleshooting
