Red Hat LINUX 7.2 Reference Manual page 134

Checks of sufficient flagged modules are ignored if they fail. But if a sufficient flagged
module is successfully checked and no required flagged modules above it have failed, then
no other modules of this module type are checked and this module type is considered to have
been successfully checked as a whole.
optional flagged modules are not crucial for the overall success or failure of that module type's
authentication. The only time they play a role is when no other modules of that module type
have succeeded or failed. In this case, the success or failure of an optional flagged module
determines the overall PAM authentication for that module type.
A newer control flag syntax that allows for even more control is now available for PAM. Please see
the PAM docs located in /usr/share/doc/pam-<version-number> for information on this
new syntax.
7.2.4 PAM Module Paths
Module paths tell PAM where to find the pluggable module to be used with the module type specified.
Usually, it is provided as the full path to the module, such as /lib/security/pam_stack.so.
However, if the full path is not given (in other words, the path does not start with a /), then the module
indicated is assumed to be in /lib/security, the default location for PAM modules.
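The control flag rules and the module path rule above, worked through as an added example (not code from the manual or from PAM itself). Module outcomes are supplied by the caller instead of being run; the required and requisite handling follows standard PAM behaviour, which is not stated on this page, and denying when no module produced a result is this example's choice.

```python
DEFAULT_DIR = "/lib/security"  # default module directory named in section 7.2.4
FLAGS = {"required", "requisite", "sufficient", "optional"}

def parse_line(line):
    """Split a PAM config line into (type, flag, resolved module path, args)."""
    mtype, flag, module, *args = line.split()
    if flag not in FLAGS:
        raise ValueError(f"unsupported control flag: {flag}")
    if not module.startswith("/"):  # no leading "/": look in the default directory
        module = f"{DEFAULT_DIR}/{module}"
    return mtype, flag, module, args

def evaluate(config, mtype, outcomes):
    """Return True if the stack of `mtype` modules succeeds as a whole.

    `outcomes` maps a resolved module path to True (passed) or False (failed)
    and stands in for actually running the modules.
    """
    required_failed = passed = optional_ok = False
    for line in config.strip().splitlines():
        t, flag, module, _args = parse_line(line)
        if t != mtype:
            continue
        ok = outcomes[module]
        if flag == "optional":
            optional_ok = optional_ok or ok
        elif flag == "sufficient":
            if ok and not required_failed:
                return True  # remaining modules of this type are never checked
            # a failed sufficient check is ignored
        elif ok:
            passed = True
        elif flag == "requisite":
            return False  # assumption: a requisite failure ends the stack at once
        else:
            required_failed = True  # assumption: remembered, stack keeps running
    if required_failed:
        return False
    # optional modules decide only when nothing else produced a result;
    # with no result at all this example denies
    return passed or optional_ok

# Constructed sample stack: the sufficient line sits above a required one.
SAMPLE = """
auth required   pam_securetty.so
auth sufficient pam_userdb.so db=/path/to/file
auth required   /lib/security/pam_unix.so
"""
```

With the sample stack, a successful pam_userdb.so check ends the auth stack before pam_unix.so is consulted, so the order of sufficient and required lines is worth reviewing in any configuration file.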
7.2.5 PAM Arguments
PAM uses arguments to pass information to a pluggable module during authentication for a particular
module type. These arguments allow the PAM configuration files for particular programs to use a
common PAM module but in different ways.
For example, the pam_userdb.so module uses secrets stored in a Berkeley DB file to authenticate
the user. (Berkeley DB is an open source database system designed to be embedded in many
applications to track particular types of information.) The module takes a db argument, specifying the
Berkeley DB filename to use, which can be different for different services.
So, the pam_userdb.so line in a PAM configuration file looks like this:
auth required /lib/security/pam_userdb.so db=path/to/file
Invalid arguments are ignored and do not otherwise affect the success or failure of the PAM module.
When an invalid argument is passed, an error is usually written to /var/log/messages. However,
since the reporting method is controlled by the PAM module, it is up to the module to log
the error correctly.
7.2.6 PAM Configuration File Samples
A sample PAM application configuration file looks like this:
Chapter 7: Pluggable Authentication Modules (PAM)
