Table of Contents
Advertisement
136
The seventh line specifies that if the login program changes the user's password, it should use the
pam_unix.so module to do so. (This will happen only if an auth module has determined that the
password needs to be changed — for example, if a shadow password has expired.)
session
The eighth and final line specifies that the pam_unix.so module should be used to manage the
session. Currently, that module does not do anything; it could be replaced by any necessary module
or supplemented by stacking.
Note that the order of the lines within each file matters. While the order in which required modules
are called does not matter much, there are other control flags available. While optional is rarely
used, sufficient and requisite cause order to become important.
As the next example, we will review the auth configuration for rlogin:
#%PAM-1.0
auth
auth
auth
auth
auth
First, pam_nologin.so checks to see if /etc/nologin exists. If is does, no one can log in
except for root.
auth
Second, pam_securetty.so keeps root logins from occurring on insecure terminals. This effec-
tively disallows all root rlogin attempts. If you wish to allow them (in which case you should be
behind a good firewall or not be connected to the Internet), see Section 7.4, Using rlogin , rsh , and
rexec with PAM.
auth
Third, the pam_env.so module loads the environmental variables specified in /etc/secu-
rity/pam_env.conf.
auth
Fourth, if pam_rhosts_auth.so authenticates the user using .rhosts in the user's home di-
rectory, PAM immediately authenticates the rlogin without moving on to do a normal password
authentication with pam_stack.so. If pam_rhosts_auth.so fails to authenticate the user,
that failed authentication is ignored.
auth
Chapter 7:Pluggable Authentication Modules (PAM)
required
/lib/security/pam_unix.so
required
/lib/security/pam_nologin.so
required
/lib/security/pam_securetty.so
required
/lib/security/pam_env.so
sufficient
/lib/security/pam_rhosts_auth.so
required
/lib/security/pam_stack.so service=system-auth
required
/lib/security/pam_securetty.so
required
/lib/security/pam_env.so
sufficient
/lib/security/pam_rhosts_auth.so
required
/lib/security/pam_stack.so service=system-auth
Advertisement
Table of Contents
Related Manuals for Red Hat LINUX 7.2
Related Products for Red Hat LINUX 7.2
- Red Hat LINUX 7.1 - ISERIES
- Red Hat CLUSTER FOR ENTERPRISE LINUX 5.0
- Red Hat CLUSTER SUITE FOR ENTERPRISE LINUX 4.6
- Red Hat CLUSTER SUITE FOR ENTERPRISE LINUX 5.1
- Red Hat ENTERPRISE LINUX 3 - SECURITY GUIDE
- Red Hat ENTERPRISE LINUX 3 - USING BINUTILS
- Red Hat ENTERPRISE LINUX 4 - LVM ADMINISTRATOR
- Red Hat ENTERPRISE LINUX 4 - DEVELOPER TOOLS GUIDE
- Red Hat ENTERPRISE LINUX 5 - DM MULTIPATH
- Red Hat ENTERPRISE LINUX 4.5.0 -
- Red Hat ENTERPRISE LINUX 5.1 DM MULTIPATH
- Red Hat ENTERPRISE LINUX 5.1 - LVM ADMINISTRATION
- Red Hat ENTERPRISE LINUX 5.1 - LINUX ORACLE
- Red Hat ENTERPRISE LINUX 5.3 - RELEASE MANIFEST
- Red Hat ENTERPRISE LINUX 5.5 - S 2010
- Red Hat CLUSTER SUITE FOR ENTERPRISE LINUX 5.2
Need help?
Do you have a question about the LINUX 7.2 and is the answer not in the manual?
Questions and answers