Chapter 7. Pluggable Authentication Modules (PAM)
#%PAM-1.0
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_rhosts_auth.so
auth       required     /lib/security/pam_stack.so service=system-auth
First, pam_nologin.so checks to see if /etc/nologin exists. If it does, no one can log in except for root.
auth       required     /lib/security/pam_securetty.so
The pam_securetty.so module then prevents root logins from occurring on insecure terminals. This effectively disallows all root rlogin attempts for security reasons.
Tip
If you need to log in as root, use OpenSSH instead. For more information on the SSH protocol, see Chapter 9.
auth       required     /lib/security/pam_env.so
This line loads the pam_env.so module, which sets the environment variables specified in /etc/security/pam_env.conf.
auth       sufficient   /lib/security/pam_rhosts_auth.so
The pam_rhosts_auth.so module then authenticates the user using .rhosts in the user's home directory. If this succeeds, PAM immediately authenticates the rlogin session. If pam_rhosts_auth.so fails to authenticate the user, this failed authentication attempt is ignored.
auth       required     /lib/security/pam_stack.so service=system-auth
If the pam_rhosts_auth.so module fails to authenticate the user, the pam_stack.so module performs normal password authentication. The argument service=system-auth means the user must now pass through the PAM configuration for system authorization found in /etc/pam.d/system-auth.
Note
If you do not want to prompt for a password when the securetty check fails and determines that
the user is trying to log in as root remotely, you can change the pam_securetty.so module from
required to requisite.
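The control-flag behaviour described above (a failed required module still lets later modules run, a successful sufficient module ends the stack early, requisite stops at once), shown as an added example that is not part of the original guide. It is a simplified Python model, not Linux-PAM code; the names evaluate and with_control are hypothetical, and module results are supplied as constructed inputs.

```python
# Simplified model of PAM control flags (added example, not Linux-PAM code).
REQUIRED, REQUISITE, SUFFICIENT = "required", "requisite", "sufficient"

# The rlogin auth stack from the listing above.
RLOGIN_STACK = [
    (REQUIRED, "pam_nologin.so"),
    (REQUIRED, "pam_securetty.so"),
    (REQUIRED, "pam_env.so"),
    (SUFFICIENT, "pam_rhosts_auth.so"),
    (REQUIRED, "pam_stack.so"),  # service=system-auth: the password check
]


def with_control(stack, module, control):
    """Return a copy of the stack with one module's control flag changed."""
    return [(control if m == module else c, m) for c, m in stack]


def evaluate(stack, outcomes):
    """Walk the stack; outcomes maps module name -> True (success) / False.

    Returns (granted, modules_run). Modules absent from outcomes succeed.
    """
    failed = False  # has a required module failed so far?
    ran = []
    for control, module in stack:
        ok = outcomes.get(module, True)
        ran.append(module)
        if control == REQUIRED and not ok:
            failed = True      # remember the failure, keep running modules
        elif control == REQUISITE and not ok:
            return False, ran  # fail immediately, skip the rest
        elif control == SUFFICIENT and ok and not failed:
            return True, ran   # succeed immediately, skip the rest
        # a failed sufficient module is ignored
    return not failed, ran


if __name__ == "__main__":
    # Constructed scenario: root on an insecure terminal, no usable .rhosts.
    root_remote = {"pam_securetty.so": False, "pam_rhosts_auth.so": False}
    for label, stack in [
        ("required", RLOGIN_STACK),
        ("requisite", with_control(RLOGIN_STACK, "pam_securetty.so", REQUISITE)),
    ]:
        granted, ran = evaluate(stack, root_remote)
        print(f"securetty {label}: granted={granted}, ran={ran}")
```

With pam_securetty.so as required, the password module still runs (so the user is prompted) before access is denied; as requisite, the stack ends at pam_securetty.so.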
7.8. PAM and Device Ownership
Red Hat Linux gives the first privileged user to log in on the physical console of the machine the
ability to manipulate devices and perform tasks normally reserved for root. This is done through a
PAM module called pam_console.so.