Table of Contents
Advertisement
Section 7.2:PAM Configuration Files
#%PAM-1.0
auth
required
auth
required
auth
required
account
required
password
required
password
required
session
required
The first line is a comment (any line starting with a
stack three modules to use for login authentication.
auth
required
Line two makes sure that if the user is trying to log in as root, the tty on which they are logging in is
listed in the /etc/securetty file, if that file exists.
auth
required
Line three causes the user to be asked for a password and the password to be checked, using the infor-
mation store in /etc/passwd, and if it exists, /etc/shadow.
auth
required
Line four checks to see if the file /etc/nologin exists. If /etc/nologin exists and the user is
not root, the authentication fails.
Note that all three auth modules are checked, even if the first auth module fails. This strategy
prevents the user from knowing why their authentication was not allowed. Knowing why their au-
thentication failed might allow them to break the authentication more easily on their next try. You can
change this behavior by changing required to requisite. If any requisite module returns
failure, PAM fails immediately without calling any other modules.
account
required
The fifth line causes any necessary account verification to be done. For example, if shadow passwords
have been enabled, the pam_unix.so module will check to see if the account has expired or if the
user has not changed their password within the grace period allowed.
password
required
The sixth line tests a newly changed password by seeing whether the password can easily be deter-
mined by a dictionary-based password cracking program.
password
required
/lib/security/pam_securetty.so
/lib/security/pam_unix.so shadow nullok
/lib/security/pam_nologin.so
/lib/security/pam_unix.so
/lib/security/pam_cracklib.so
/lib/security/pam_unix.so shadow nullok use_authtok
/lib/security/pam_unix.so
#
character is a comment). Lines two through four
/lib/security/pam_securetty.so
/lib/security/pam_unix.so nullok
/lib/security/pam_nologin.so
/lib/security/pam_unix.so
/lib/security/pam_cracklib.so
/lib/security/pam_unix.so shadow nullok use_authtok
135
Advertisement
Table of Contents
Subscribe to Our Youtube Channel
Related Manuals for Red Hat LINUX 7.2
Related Products for Red Hat LINUX 7.2
- Red Hat LINUX 7.1 - ISERIES
- Red Hat CLUSTER FOR ENTERPRISE LINUX 5.0
- Red Hat CLUSTER SUITE FOR ENTERPRISE LINUX 4.6
- Red Hat CLUSTER SUITE FOR ENTERPRISE LINUX 5.1
- Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE
- Red Hat ENTERPRISE LINUX 3 - USING BINUTILS
- Red Hat ENTERPRISE LINUX 4 - LVM ADMINISTRATOR
- Red Hat ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE
- Red Hat ENTERPRISE LINUX 5 - DM MULTIPATH
- Red Hat ENTERPRISE LINUX 4.5.0 -
- Red Hat ENTERPRISE LINUX 5.1 DM MULTIPATH
- Red Hat ENTERPRISE LINUX 5.1 - LVM ADMINISTRATION
- Red Hat ENTERPRISE LINUX 5.1 - LINUX ORACLE
- Red Hat ENTERPRISE LINUX 5.3 - RELEASE MANIFEST
- Red Hat ENTERPRISE LINUX 5.5 - S 2010
- Red Hat CLUSTER SUITE FOR ENTERPRISE LINUX 5.2
Need help?
Do you have a question about the LINUX 7.2 and is the answer not in the manual?
Questions and answers