The module path does not need to be specified explicitly, as long as the module is
located in the default directory /lib/security (for all 64-bit platforms supported by
SUSE® Linux Enterprise Server, the directory is /lib64/security). The fourth
column may contain an option for the given module, such as debug (enables debugging)
or nullok (allows the use of empty passwords).
NOTE: 64-Bit and 32-Bit Mixed Installations
When using a 64-Bit operating system, it is possible to also include a runtime
environment for 32-Bit applications. In this case, make sure that you install
both versions of the respective PAM modules when installing new modules.
2.2 The PAM Configuration of sshd
To show how the theory behind PAM works, consider the PAM configuration of sshd
as a practical example:
Example 2.1 PAM Configuration for sshd
#%PAM-1.0
auth     required  pam_nologin.so
auth     include   common-auth
account  include   common-account
password include   common-password
session  required  pam_loginuid.so
session  include   common-session
# Enable the following line to get resmgr support for
# ssh sessions (see /usr/share/doc/packages/resmgr/README)
#session  optional  pam_resmgr.so fake_ttyname
The first module that is called is pam_nologin. It checks whether the file
/etc/nologin exists. If it does, no other user than root may log in.
The typical PAM configuration of an application (sshd, in this case) contains four include
statements referring to the configuration files of four module types: common-auth,
common-account, common-password, and common-session. These four
files hold the default configuration for each module type. By including them instead of
adding each module separately to the respective PAM configuration, you automatically
get an updated PAM configuration if the administrator changes the defaults. In former
times, you had to adjust all configuration files manually for all applications when
changes to PAM occurred or a new application was installed. Now the PAM configura-
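The include mechanism described above can be audited by expanding each include line into the module stack that sshd actually runs. The following is an added example, not part of the original guide: the contents of the four common-* files are constructed sample data (not SUSE defaults), the function names are the example's own, and the control column is assumed to be a single keyword.

```python
# Added example: expand PAM `include` lines and audit the option column (constructed data).
SAMPLE_FILES = {
    "sshd": """#%PAM-1.0
auth     required  pam_nologin.so
auth     include   common-auth
account  include   common-account
password include   common-password
session  required  pam_loginuid.so
session  include   common-session
#session  optional  pam_resmgr.so fake_ttyname
""",
    "common-auth": "auth required pam_env.so\nauth required pam_unix.so nullok debug\n",
    "common-account": "account required pam_unix.so\n",
    "common-password": "password required pam_unix.so nullok\n",
    "common-session": "session required pam_limits.so\nsession required pam_unix.so\n",
}


def effective_stack(service, files, _seen=()):
    """Return [(type, control, module, [options])] with includes expanded in place."""
    if service in _seen:
        raise ValueError("include loop: " + " -> ".join(_seen + (service,)))
    stack = []
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"{service}: malformed line {raw!r}")
        mtype, control, module, options = fields[0], fields[1], fields[2], fields[3:]
        if control == "include":
            # Only entries of the same module type are pulled from the included file.
            stack += [e for e in effective_stack(module, files, _seen + (service,))
                      if e[0] == mtype]
        else:
            stack.append((mtype, control, module, options))
    return stack


def modules_with_option(stack, option):
    """List (type, module) pairs whose option column contains `option`."""
    return [(t, m) for t, _c, m, opts in stack if option in opts]


if __name__ == "__main__":
    for t, c, m, o in effective_stack("sshd", SAMPLE_FILES):
        print(t, c, m, *o)
    print("nullok:", modules_with_option(effective_stack("sshd", SAMPLE_FILES), "nullok"))
```

To audit a live system, populate the dictionary from the files in /etc/pam.d instead of the constructed strings.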