116


Chapter 7. Pluggable Authentication Modules (PAM)


#%PAM 1.0


auth


required


/lib/security/pam_nologin.so


auth


required


/lib/security/pam_securetty.so


auth


required


/lib/security/pam_env.so


auth


sufficient


/lib/security/pam_rhosts_auth.so


auth


required


/lib/security/pam_stack.so service=system auth


First,


pam_nologin.so


checks to see if


/etc/nologin


exists. If is does, no one can log in except


for root.


auth


required


/lib/security/pam_securetty.so


The


pam_securetty.so


module then prevents root logins from occurring on insecure terminals.


This effectively disallows all root


rlogin


attempts for security reasons.


Tip


If you need to log in as root, use OpenSSH instead. For more information on the SSH protocol, see


Chapter 9.


auth


required


/lib/security/pam_env.so


This line loads the


pam_env.so


module, which sets the environmental variables specified in


/etc/security/pam_env.conf


.


auth


sufficient


/lib/security/pam_rhosts_auth.so


The


pam_rhosts_auth.so


modules then authenticates the user using


.rhosts


in the user's


home directory. If this succeeds, PAM immediately authenticates the


rlogin


session. If


pam_rhosts_auth.so


fails to authenticate the user, this failed authentication attempt is ignored.


auth


required


/lib/security/pam_stack.so service=system auth


If the


pam_rhosts_auth.so


module fails to authenticate the user, the


pam_stack.so


module per 


forms normal password authentication.


The argument


service=system auth


means the user must now pass through the PAM configuration


for system authorization found in


/etc/pam.d/system auth


.


Note


If you do not want to prompt for a password when the securetty check fails and determines that


the user is trying to login as root remotely, you can change the pam_securetty.so module from


required to requisite.


7.8. PAM and Device Ownership


Red Hat Linux allows the first privileged user to log in on the physical console of the machine the


ability to manipulate devices and perform tasks normally reserved for root. This is done through a


PAM module called


pam_console.so


.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      tomcat hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved