Table of Contents
Advertisement
Example 27.1 PAM Configuration for sshd
#%PAM-1.0
auth
auth
account
password include
session
# Enable the following line to get resmgr support for
# ssh sessions (see /usr/share/doc/packages/resmgr/README.SuSE)
#session
The typical PAM configuration of an application (sshd, in this case) contains four include
statements referring to the configuration files of four module types: common-auth,
common-account, common-password, and common-session. These four
files hold the default configuration for each module type. By including them instead of
calling each module separately for each PAM application, automatically get an updated
PAM configuration if the administrator changes the defaults. In former times, you had
to adjust all configuration files manually for all applications when changes to PAM
occurred or a new application was installed. Now the PAM configuration is made with
central configuration files and all changes are automatically inherited by the PAM
configuration of each service.
The first include file (common-auth) calls two modules of the auth type: pam_env
and pam_unix2. See
(page 498).
Example 27.2 Default Configuration for the auth Section
auth
auth
The first one, pam_env, loads the file /etc/security/pam_env.conf to set
the environment variables as specified in this file. This can be used to set the DISPLAY
variable to the correct value, because the pam_env module knows about the location
from which the login is taking place. The second one, pam_unix2, checks the user's
login and password against /etc/passwd and /etc/shadow.
After the modules specified in common-auth have been successfully called, a third
module called pam_nologin checks whether the file /etc/nologin exists. If it
does, no user other than root may log in. The whole stack of auth modules is pro-
cessed before sshd gets any feedback about whether the login has succeeded. Given
498
Installation and Administration
include
common-auth
required
pam_nologin.so
include
common-account
common-password
include
common-session
optional
pam_resmgr.so fake_ttyname
Example 27.2, "Default Configuration for the auth Section"
required
pam_env.so
required
pam_unix2.so
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007
Related Products for Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007
- NOVELL BUSINESS CONTINUITY CLUSTERING FOR NETWARE 1.1 - ADMINISTRATION
- NOVELL BUSINESS CONTINUITY CLUSTERING 1.1 SP2 - ADMINISTRATION
- NOVELL LINUX ENTERPRISE 11 - HIGH AVAILABILITY
- NOVELL LINUX ENTERPRISE DESKTOP 11 - GNOME
- NOVELL LINUX ENTERPRISE DESKTOP 11 - KDE
- NOVELL LINUX ENTERPRISE SERVER 10 - ARCHITECTURE-SPECIFIC INFORMATION 11-12-2006
- NOVELL LINUX ENTERPRISE 11 SP1 - LINUX AUDIT
- Novell LINUX ENTERPRISE SERVER 11 SUSE
- NOVELL DATA SYNCHRONIZER - UPDATE 1
- NOVELL LINUX ENTERPRISE SERVER 10 SP1 - ARCHITECTURE-SPECIFIC INFORMATION 15-03-2007
- NOVELL LINUX ENTERPRISE SERVER 10 SP3 - ARCHITECTURE-SPECIFIC
- NOVELL ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - COMMAND LINE UTILITIES REFERENCE 10.3 30-03-2010
- NOVELL APPARMOR 1.2 - QUICK GUIDE AND
- NOVELL APPARMOR 1.2
- NOVELL OPEN WORKGROUP SUITE SMALL BUSINESS EDITION 9.3 - ADMINISTRATION 10-2007
- Novell SUSE LINUX ENTERPRISE DESKTOP 10 SP1 KDE