Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION Installation Manual page 519


successfully before sshd receives a message about the positive result. If one of the
modules is not successful, the entire module stack is still processed and only then is
sshd notified about the negative result.
As soon as all modules of the auth type have been successfully processed, another
include statement is processed, in this case, that in Example 27.3, "Default Configuration
for the account Section" (page 501). common-account contains just one module,
pam_unix2. If pam_unix2 returns the result that the user exists, sshd receives a
message announcing this success and the next stack of modules (password) is processed,
shown in Example 27.4, "Default Configuration for the password Section" (page 501).
Example 27.3 Default Configuration for the account Section
account  required  pam_unix2.so

Example 27.4 Default Configuration for the password Section
password  required  pam_pwcheck.so  nullok
password  required  pam_unix2.so    nullok use_first_pass use_authtok
#password required  pam_make.so     /var/yp

Again, the PAM configuration of sshd involves just an include statement referring to
the default configuration for password modules located in common-password.
These modules must successfully be completed (control flag required) whenever
the application requests the change of an authentication token. Changing a password
or another authentication token requires a security check. This is achieved with the
pam_pwcheck module. The pam_unix2 module used afterwards carries over any old
and new passwords from pam_pwcheck, so the user does not need to authenticate
again. This also makes it impossible to circumvent the checks carried out by
pam_pwcheck. The modules of the password type should be used wherever the preceding
modules of the account or the auth type are configured to complain about an expired
password.

Example 27.5 Default Configuration for the session Section
session  required  pam_limits.so
session  required  pam_unix2.so
session  optional  pam_umask.so

As the final step, the modules of the session type, bundled in the common-session
file are called to configure the session according to the settings for the user in question.
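An added example (not taken from the manual): a small Python check over the password stack of Example 27.4 that reports when pam_unix2 could set a new password that pam_pwcheck has not vetted. The stack text is embedded as constructed samples; WEAK_STACK and the function names are illustrative, and only simple control flags (required, optional, and so on) are handled.

```python
# Constructed sample: the common-password stack as shown in Example 27.4.
DEFAULT_STACK = """\
password required   pam_pwcheck.so  nullok
password required   pam_unix2.so    nullok use_first_pass use_authtok
#password required  pam_make.so     /var/yp
"""

# Constructed sample: a weakened variant, for comparison.
WEAK_STACK = """\
#password required  pam_pwcheck.so
password required   pam_unix2.so    nullok
"""

def parse_stack(text, mtype="password"):
    """Return (control, module, args) for every active line of the given type."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comments, then tokenize
        if len(fields) >= 3 and fields[0] == mtype:
            entries.append((fields[1], fields[2], fields[3:]))
    return entries

def audit_password_stack(text):
    """List conditions under which a new password can avoid the pam_pwcheck test."""
    findings = []
    checked = False          # becomes True once an enforcing pam_pwcheck has run
    for control, module, args in parse_stack(text):
        if module == "pam_pwcheck.so":
            if control in ("required", "requisite"):
                checked = True
            else:
                findings.append(f"pam_pwcheck.so is '{control}', so its failure is not enforced")
        elif module == "pam_unix2.so":
            if not checked:
                findings.append("pam_unix2.so is not preceded by an enforcing pam_pwcheck.so")
            if "use_authtok" not in args:
                findings.append("pam_unix2.so lacks use_authtok and will ask for the new password itself")
        if "nullok" in args:
            findings.append(f"{module} sets nullok (empty-password accounts are accepted)")
    return findings

if __name__ == "__main__":
    for name, stack in (("default", DEFAULT_STACK), ("weakened", WEAK_STACK)):
        print(name, audit_password_stack(stack) or "no findings")
```

On the default stack the only findings are the two nullok options; the weakened stack additionally shows the missing pam_pwcheck step and the missing use_authtok.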
Authentication with PAM
501


This manual is also suitable for:

Suse linux enterprise server 10 sp3