To facilitate the creation and maintenance of PAM modules, common default configu-
ration files for the functions
auth
,
account
,
password
, and
session
modules
have been introduced. These are pulled in from every application's PAM configuration.
Updates to the global PAM configuration modules in
common-*
are thus propagated
across all PAM configuration files without requiring the administrator to update every
single PAM configuration file.
The global common PAM configuration files are maintained using the pam-config tool.
This tool automatically adds new modules to the configuration, changes the configuration
of existing ones or deletes modules or options from the configurations. Manual inter-
vention in maintaining PAM configurations is minimized or no longer required.
2.1 Structure of a PAM Configuration
File
Each line in a PAM configuration file contains a maximum of four columns:
<Type of module> <Control flag> <Module path> <Options>
PAM modules are processed as stacks. Different types of modules have different pur-
poses, for example, one module checks the password, another one verifies the location
from which the system is accessed, and yet another one reads user-specific settings.
PAM knows about four different types of modules:
auth
The purpose of this type of module is to check the user's authenticity. This is tradi-
tionally done by querying a password, but it can also be achieved with the help of
a chip card or through biometrics (for example, fingerprints or iris scan).
account
Modules of this type check whether the user has general permission to use the re-
quested service. As an example, such a check should be performed to ensure that
no one can log in under the username of an expired account.
password
The purpose of this type of module is to enable the change of an authentication
token. In most cases, this is a password.
18
Security Guide
Содержание LINUX ENTERPRISE DESKTOP 11
Страница 1: ...SUSE Linux Enterprise Server www novell com 11 March 17 2009 Security Guide...
Страница 9: ...32 7 Managing Audit Event Records Using Keys 433 33 Useful Resources 435...
Страница 10: ......
Страница 29: ...Part I Authentication...
Страница 30: ......
Страница 55: ...Figure 4 2 YaST LDAP Server Configuration LDAP A Directory Service 41...
Страница 126: ......
Страница 127: ...Part II Local Security...
Страница 128: ......
Страница 158: ......
Страница 173: ...Part III Network Security...
Страница 174: ......
Страница 194: ......
Страница 197: ...Figure 16 2 Scenario 2 Figure 16 3 Scenario 3 Configuring VPN Server 183...
Страница 210: ......
Страница 228: ......
Страница 229: ...Part IV Confining Privileges with Novell AppArmor...
Страница 230: ......
Страница 274: ......
Страница 300: ......
Страница 328: ......
Страница 340: ......
Страница 342: ......
Страница 386: ......
Страница 387: ...Part V The Linux Audit Framework...
Страница 388: ......