PAM Configuration
Configuring PAM
PAM is generally configured through the files in the /etc/pam.d directory, or through the single file /etc/pam.conf (for old versions).
The configuration file structure
For each service that uses PAM, there is a corresponding file in the directory, which contains the rules or instructions for how authentication and account information should be obtained for that service. There is usually one rule per line.
Fields in the PAM configuration files include:
* Service_name specifies the name of the service/application. (The default is OTHER.)
* Module_type specifies the module type (auth/account/session/passwd) for the corresponding service in the Service_name field.
* Control_flag specifies the stacking behavior of the module. It can take such values as requisite, required, sufficient, and optional.
* Module_path specifies the path name to the library object which implements the module. It is set to /lib/security by default.
* Module_options/module_args (optional fields) specify the options or arguments that can be passed to the service's modules.
The modules are invoked in the order in which they are listed in the configuration file, depending on what the Control_flag for each entry allows. Control_flag values include:
* Required: All required modules in a stack must pass for a successful result. If one or more of the required modules fail, all of the required modules in the stack are still invoked, but the first error is returned.
* Sufficient: If a module flagged as sufficient succeeds and no previous required or sufficient modules have failed, then all remaining modules in the stack are ignored and success is returned.
* Optional: If none of the modules in the stack are required and no sufficient modules have succeeded, then at least one optional module of the service/application must succeed.
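The stacking rules above, as an added example (not code from the original page): a small Python parser and evaluator for PAM rules, showing how rule order decides which modules are ever consulted. It assumes Linux-PAM's documented semantics, under which a failed sufficient module is ignored and a failed requisite module ends the stack at once; the two stacks and the LOCKOUT outcomes are constructed.

```python
SIMPLE_FLAGS = {"requisite", "required", "sufficient", "optional"}

def parse_rules(text, pam_conf=False):
    """pam_conf=True expects a leading Service_name field (/etc/pam.conf layout);
    files in /etc/pam.d omit it because the file name is the service."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        service = fields.pop(0) if pam_conf else None
        if len(fields) < 3 or fields[1] not in SIMPLE_FLAGS:
            raise ValueError(f"unsupported rule: {raw!r}")
        mtype, flag, path, *args = fields
        rules.append({"service": service, "type": mtype, "flag": flag,
                      "path": path, "args": args})
    return rules

def evaluate(rules, module_type, outcomes):
    """Return (granted, modules_invoked). outcomes maps module path -> bool and
    stands in for what each module would return (constructed input)."""
    invoked, required_failed, any_ok = [], False, False
    for rule in rules:
        if rule["type"] != module_type:
            continue
        invoked.append(rule["path"])
        if outcomes[rule["path"]]:
            any_ok = True
            if rule["flag"] == "sufficient" and not required_failed:
                return True, invoked             # rest of the stack is skipped
        elif rule["flag"] == "requisite":
            return False, invoked                # fail immediately
        elif rule["flag"] == "required":
            required_failed = True               # keep going, fail at the end
    return any_ok and not required_failed, invoked

# Constructed stacks in /etc/pam.d layout (no Service_name field).
GOOD = """
auth required   pam_nologin.so
auth sufficient pam_unix.so try_first_pass
auth required   pam_deny.so
"""
MISORDERED = """
auth sufficient pam_unix.so try_first_pass
auth required   pam_nologin.so
auth required   pam_deny.so
"""
# Constructed outcomes: logins are disabled, but the password is correct.
LOCKOUT = {"pam_nologin.so": False, "pam_unix.so": True, "pam_deny.so": False}
if __name__ == "__main__":
    for name, stack in (("GOOD", GOOD), ("MISORDERED", MISORDERED)):
        print(name, evaluate(parse_rules(stack), "auth", LOCKOUT))
```

In the misordered stack the sufficient rule returns success before pam_nologin.so is invoked, so the required check never runs.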