PAM Configuration File Format
645
43.4.3.2. Control Flag
All PAM modules generate a success or failure result when called. Control flags tell PAM what do with
the result. Modules can be stacked in a particular order, and the control flags determine how important
the success or failure of a particular module is to the overall goal of authenticating the user to the
service.
There are four predefined control flags:
•
required
— The module result must be successful for authentication to continue. If the test fails at
this point, the user is not notified until the results of all module tests that reference that interface are
complete.
•
requisite
— The module result must be successful for authentication to continue. However, if
a test fails at this point, the user is notified immediately with a message reflecting the first failed
required
or
requisite
module test.
•
sufficient
— The module result is ignored if it fails. However, if the result of a module flagged
sufficient
is successful
and
no previous modules flagged
required
have failed, then no other
results are required and the user is authenticated to the service.
•
optional
— The module result is ignored. A module flagged as
optional
only becomes
necessary for successful authentication when no other modules reference the interface.
Important
The order in which
required
modules are called is not critical. Only the
sufficient
and
requisite
control flags cause order to become important.
A newer control flag syntax that allows for more precise control is now available for PAM.
The
pam.d
man page, and the PAM documentation, located in the
/usr/share/doc/
pam-
<version-number>
/
directory, where
<version-number>
is the version number for PAM on
your system, describe this newer syntax in detail.
43.4.3.3. Module Name
The module name provides PAM with the name of the pluggable module containing the specified
module interface. In older versions of Red Hat Enterprise Linux, the full path to the module was
provided in the PAM configuration file. However, since the advent of
multilib
systems, which store 64-
bit PAM modules in the
/lib64/security/
directory, the directory name is omitted because the
application is linked to the appropriate version of
libpam
, which can locate the correct version of the
module.
43.4.3.4. Module Arguments
PAM uses
arguments
to pass information to a pluggable module during authentication for some
modules.
For example, the
pam_userdb.so
module uses information stored in a Berkeley DB file to
authenticate the user. Berkeley DB is an open source database system embedded in many
applications. The module takes a
db
argument so that Berkeley DB knows which database to use for
the requested service.
Содержание ENTERPRISE LINUX 5 - VIRTUAL SERVER ADMINISTRATION
Страница 22: ...xxii ...
Страница 28: ......
Страница 36: ...10 ...
Страница 40: ...14 ...
Страница 96: ...70 ...
Страница 116: ...90 ...
Страница 144: ...118 ...
Страница 146: ......
Страница 158: ...132 ...
Страница 165: ...Installing and Removing Packages 139 Figure 11 7 Installing and removing packages simultaneously ...
Страница 166: ...140 ...
Страница 172: ...146 ...
Страница 178: ......
Страница 228: ...202 ...
Страница 264: ...238 ...
Страница 318: ...292 ...
Страница 330: ...304 ...
Страница 388: ...362 ...
Страница 428: ...402 ...
Страница 452: ......
Страница 458: ...432 ...
Страница 476: ...450 ...
Страница 478: ...452 ...
Страница 494: ...468 ...
Страница 498: ...472 ...
Страница 530: ...504 ...
Страница 536: ...510 ...
Страница 544: ...Chapter 36 Log Files 518 Figure 36 7 Log file contents after five seconds ...
Страница 546: ......
Страница 550: ...524 ...
Страница 576: ......
Страница 584: ...558 ...
Страница 608: ......
Страница 776: ...750 ...
Страница 796: ...770 ...
Страница 800: ...774 ...
Страница 804: ......
Страница 806: ...780 ...
Страница 808: ...782 ...
Страница 816: ...790 ...
Страница 820: ...794 ...
Страница 822: ...796 ...
Страница 830: ...804 ...
Страница 836: ...810 ...
Страница 844: ...818 ...
Страница 848: ...822 ...