116
Chapter 7. Pluggable Authentication Modules (PAM)
#%PAM 1.0
auth
required
/lib/security/pam_nologin.so
auth
required
/lib/security/pam_securetty.so
auth
required
/lib/security/pam_env.so
auth
sufficient
/lib/security/pam_rhosts_auth.so
auth
required
/lib/security/pam_stack.so service=system auth
First,
pam_nologin.so
checks to see if
/etc/nologin
exists. If is does, no one can log in except
for root.
auth
required
/lib/security/pam_securetty.so
The
pam_securetty.so
module then prevents root logins from occurring on insecure terminals.
This effectively disallows all root
rlogin
attempts for security reasons.
Tip
If you need to log in as root, use OpenSSH instead. For more information on the SSH protocol, see
Chapter 9.
auth
required
/lib/security/pam_env.so
This line loads the
pam_env.so
module, which sets the environmental variables specified in
/etc/security/pam_env.conf
.
auth
sufficient
/lib/security/pam_rhosts_auth.so
The
pam_rhosts_auth.so
modules then authenticates the user using
.rhosts
in the user's
home directory. If this succeeds, PAM immediately authenticates the
rlogin
session. If
pam_rhosts_auth.so
fails to authenticate the user, this failed authentication attempt is ignored.
auth
required
/lib/security/pam_stack.so service=system auth
If the
pam_rhosts_auth.so
module fails to authenticate the user, the
pam_stack.so
module per 
forms normal password authentication.
The argument
service=system auth
means the user must now pass through the PAM configuration
for system authorization found in
/etc/pam.d/system auth
.
Note
If you do not want to prompt for a password when the securetty check fails and determines that
the user is trying to login as root remotely, you can change the pam_securetty.so module from
required to requisite.
7.8. PAM and Device Ownership
Red Hat Linux allows the first privileged user to log in on the physical console of the machine the
ability to manipulate devices and perform tasks normally reserved for root. This is done through a
PAM module called
pam_console.so
.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

tomcat hosting

 

Our partners: PHP: Hypertext Preprocessor Best Web Hosting Java Web Hosting Inexpensive Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Jsp Hosting Cheap Hosting

Visionwebhosting.net Business web hosting division of Web Design Plus. All rights reserved