Chapter 15. Pluggable Authentication Modules (PAM)

In the previous example, replace path-to-file with the full path to the Berkeley DB database file.

Invalid arguments are ignored and do not otherwise affect the success or failure of the PAM module. However, most modules will report an error to the /var/log/messages file.

15.4. Sample PAM Configuration Files

Below is a sample PAM application configuration file:

#%PAM-1.0
auth      required  pam_securetty.so
auth      required  pam_unix.so shadow nullok
auth      required  pam_nologin.so
account   required  pam_unix.so
password  required  pam_cracklib.so retry=3
password  required  pam_unix.so shadow nullok use_authtok
session   required  pam_unix.so

The first line is a comment as denoted by the hash mark (#) at the beginning of the line.

Lines two through four stack three modules for login authentication.

auth      required  pam_securetty.so

This module makes sure that if the user is trying to log in as root, the tty on which the user is logging in is listed in the /etc/securetty file, if that file exists.

auth      required  pam_unix.so shadow nullok

This module prompts the user for a password and then checks the password using the information stored in /etc/passwd and, if it exists, /etc/shadow. The pam_unix.so module automatically detects and uses shadow passwords to authenticate users. Please refer to Section 6.5 Shadow Passwords for more information.

The argument nullok instructs the pam_unix.so module to allow a blank password.

auth      required  pam_nologin.so

This is the final authentication step. It verifies whether or not the file /etc/nologin exists. If nologin does exist and the user is not root, authentication fails.

Note
In this example, all three auth modules are checked, even if the first auth module fails. This prevents the user from knowing at what stage their authentication failed. Such knowledge in the hands of an attacker could allow them to more easily deduce how to crack the system.

account   required  pam_unix.so

This module performs any necessary account verification. For example, if shadow passwords have been enabled, the account component of the pam_unix.so module checks to see if the account has expired or if the user has not changed the password within the grace period allowed.

password  required  pam_cracklib.so retry=3
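The stacking behaviour described in the note in this section, as an added example that is not part of the original manual: a simplified Python model that parses the sample configuration, evaluates the auth stack with every rule marked required, and lists the rules that carry nullok. The function names and the outcomes mapping are assumptions for illustration; real modules and other control flags are not modelled.

```python
# Constructed copy of the sample configuration from this section.
SAMPLE = """\
#%PAM-1.0
auth      required  pam_securetty.so
auth      required  pam_unix.so shadow nullok
auth      required  pam_nologin.so
account   required  pam_unix.so
password  required  pam_cracklib.so retry=3
password  required  pam_unix.so shadow nullok use_authtok
session   required  pam_unix.so
"""

def parse(text):
    """Return (interface, control, module, args) for each non-comment line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments, incl. #%PAM-1.0
        if not line:
            continue
        interface, control, module, *args = line.split()
        rules.append((interface, control, module, args))
    return rules

def run_stack(rules, interface, outcomes):
    """Evaluate one interface's stack where every rule is 'required'.

    outcomes (hypothetical stand-in for the real modules) maps a module
    name to True (success) or False (failure); unlisted modules succeed.
    Returns (overall_success, modules_called).
    """
    ok, called = True, []
    for iface, control, module, _ in rules:
        if iface != interface:
            continue
        if control != "required":
            raise ValueError(f"only 'required' is modelled, got {control!r}")
        called.append(module)  # a failed module does not stop the stack
        ok = ok and outcomes.get(module, True)
    return ok, called

def allows_blank_password(rules):
    """List (interface, module) pairs whose arguments include nullok."""
    return [(i, m) for i, _, m, args in rules if "nullok" in args]

if __name__ == "__main__":
    rules = parse(SAMPLE)
    print(run_stack(rules, "auth", {"pam_securetty.so": False}))
    print(allows_blank_password(rules))
```

With pam_securetty.so failing, the result is a failure but all three auth modules still appear in the called list, which is why the user cannot tell which stage rejected the login.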