Chapter 15. Pluggable Authentication Modules (PAM)

In the previous example, replace <path-to-file> with the full path to the Berkeley DB database file.

Invalid arguments are ignored and do not otherwise affect the success or failure of the PAM module. However, most modules will report an error to the /var/log/messages file.

15.4. Sample PAM Configuration Files

Below is a sample PAM application configuration file:

    #%PAM-1.0
    auth required pam_securetty.so
    auth required pam_unix.so shadow nullok
    auth required pam_nologin.so
    account required pam_unix.so
    password required pam_cracklib.so retry=3
    password required pam_unix.so shadow nullok use_authtok
    session required pam_unix.so

The first line is a comment as denoted by the hash mark (#) at the beginning of the line.

Lines two through four stack three modules for login authentication.

    auth required pam_securetty.so

This module makes sure that if the user is trying to log in as root, the tty on which the user is logging in is listed in the /etc/securetty file, if that file exists.

    auth required pam_unix.so shadow nullok

This module prompts the user for a password and then checks the password using the information stored in /etc/passwd and, if it exists, /etc/shadow. The pam_unix.so module automatically detects and uses shadow passwords to authenticate users. Please refer to Section 6.5 Shadow Passwords for more information.

The argument nullok instructs the pam_unix.so module to allow a blank password.

    auth required pam_nologin.so

This is the final authentication step. It verifies whether or not the file /etc/nologin exists. If nologin does exist and the user is not root, authentication fails.

Note
In this example, all three auth modules are checked, even if the first auth module fails. This prevents the user from knowing at what stage their authentication failed. Such knowledge in the hands of an attacker could allow them to more easily deduce how to crack the system.

    account required pam_unix.so

This module performs any necessary account verification. For example, if shadow passwords have been enabled, the account component of the pam_unix.so module checks to see if the account has expired or if the user has not changed the password within the grace period allowed.

    password required pam_cracklib.so retry=3
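
Added example (not part of the original guide): a Python sketch that parses the sample configuration file from Section 15.4 and models the behavior the Note describes, where every required auth module is invoked even after one has failed. It also lists the lines that carry nullok. The function names and the outcomes mapping are assumptions made for illustration, and only the required control flag is modeled.

```python
# Added example: the sample file from Section 15.4, retyped as a string.
SAMPLE = """\
#%PAM-1.0
auth       required  pam_securetty.so
auth       required  pam_unix.so shadow nullok
auth       required  pam_nologin.so
account    required  pam_unix.so
password   required  pam_cracklib.so retry=3
password   required  pam_unix.so shadow nullok use_authtok
session    required  pam_unix.so
"""

def parse_pam(text):
    """Return (interface, control, module, args) for each non-comment line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        interface, control, module, *args = line.split()
        entries.append((interface, control, module, args))
    return entries

def run_required_stack(entries, interface, outcomes):
    """Run every 'required' module for one interface; never stop early.

    outcomes maps module name -> True (success) / False (failure); these
    are constructed inputs standing in for real module results.
    Returns (overall_success, modules_invoked).
    """
    ok, invoked = True, []
    for iface, control, module, _ in entries:
        if iface != interface or control != "required":
            continue
        invoked.append(module)
        if not outcomes.get(module, True):
            ok = False  # remember the failure, keep running the stack
    return ok, invoked

def find_nullok(entries):
    """List (interface, module) pairs that accept a blank password."""
    return [(i, m) for i, _, m, a in entries if "nullok" in a]

if __name__ == "__main__":
    stack = parse_pam(SAMPLE)
    print(run_required_stack(stack, "auth", {"pam_securetty.so": False}))
    print(find_nullok(stack))
```

With pam_securetty.so marked as failing, the overall result is a failure but all three auth modules still appear in the invoked list, which is why the user cannot tell which stage rejected the login.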