Difference between revisions of "Redhat:PAM Format"

From Define Wiki

Latest revision as of 12:16, 10 September 2013

Format of a PAM file

login PAM

The login PAM file contains an important line. The first line of the file means that root can only log in from the secure terminals defined in the /etc/securetty file, and unknown users are ignored.

The second line includes all of the auth directives from the system-auth PAM.

auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth

system-auth PAM

auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so


The five directives are run in order. The first sets up the environment and is required to pass.

The next two are marked as sufficient. They check authentication through a fingerprint reader and the user's password. One of these must succeed. The fourth defines the requirement that the user's UID must be 500 or higher.


If these conditions fail, the final line locks the user out of the system.
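
The evaluation order described above can be checked with a small model of how PAM applies control flags to the two stacks on this page. The following Python code is an added example, not part of the original wiki page or of Linux-PAM; the function names parse and authenticate are hypothetical, and the module return values passed in are constructed inputs.

```python
import re

# Keyword controls in bracket form (subset of pam.conf(5); new_authtok_reqd omitted).
KEYWORDS = {
    "required": {"success": "ok", "ignore": "ignore", "default": "bad"},
    "requisite": {"success": "ok", "ignore": "ignore", "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
}
# The two stacks from the page, copied verbatim.
SERVICES = {
    "login": """
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
""",
    "system-auth": """
auth        required      pam_env.so
auth        sufficient    pam_fprintd.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
""",
}
LINE = re.compile(r"^auth\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse(service):
    """Return [(control, module)] for a service, expanding 'include' lines."""
    rules = []
    for m in filter(None, map(LINE.match, SERVICES[service].splitlines())):
        control, module = m.groups()
        if control == "include":
            rules += parse(module)  # included lines join the same stack
        elif control.startswith("["):
            rules.append((dict(kv.split("=") for kv in control[1:-1].split()), module))
        else:
            rules.append((KEYWORDS[control], module))
    return rules

def authenticate(service, results):
    """results maps module -> PAM return name; unlisted modules return auth_err."""
    verdict = None  # None: undecided, True: success so far, False: failure recorded
    for control, module in parse(service):
        action = control.get(results.get(module, "auth_err"), control["default"])
        if action in ("ok", "done"):
            verdict = True if verdict is None else verdict
            if verdict and action == "done":
                break  # sufficient success ends the stack only if nothing failed earlier
        elif action in ("bad", "die"):
            verdict = False
            if action == "die":
                break  # requisite failure returns immediately
    return verdict is True
```

Passing only pam_env.so and pam_unix.so as successes models root with a correct password on a terminal missing from /etc/securetty: the earlier failure recorded by pam_securetty.so means the later sufficient success does not grant access.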