File Manager

X7ROOT File Manager

Current Path: /usr/share/doc/pam-1.1.8/html

📁 ..
📄 Linux-PAM_SAG.html(8.98 KB)
📄 sag-author.html(3.04 KB)
📄 sag-configuration-directory.html(2.89 KB)
📄 sag-configuration-example.html(5.39 KB)
📄 sag-configuration-file.html(17.11 KB)
📄 sag-configuration.html(2.99 KB)
📄 sag-copyright.html(3.53 KB)
📄 sag-introduction.html(4.34 KB)
📄 sag-module-reference.html(37.26 KB)
📄 sag-overview.html(7.81 KB)
📄 sag-pam_access.html(17.54 KB)
📄 sag-pam_cracklib.html(19.79 KB)
📄 sag-pam_debug.html(7.9 KB)
📄 sag-pam_deny.html(4.59 KB)
📄 sag-pam_echo.html(5.62 KB)
📄 sag-pam_env.html(11.58 KB)
📄 sag-pam_exec.html(8.17 KB)
📄 sag-pam_faildelay.html(4.48 KB)
📄 sag-pam_filter.html(9.12 KB)
📄 sag-pam_ftp.html(6.06 KB)
📄 sag-pam_group.html(9.86 KB)
📄 sag-pam_issue.html(6.23 KB)
📄 sag-pam_keyinit.html(6.85 KB)
📄 sag-pam_lastlog.html(7.89 KB)
📄 sag-pam_limits.html(17.51 KB)
📄 sag-pam_listfile.html(10.29 KB)
📄 sag-pam_localuser.html(5.28 KB)
📄 sag-pam_loginuid.html(5.08 KB)
📄 sag-pam_mail.html(7.58 KB)
📄 sag-pam_mkhomedir.html(6.05 KB)
📄 sag-pam_motd.html(4.19 KB)
📄 sag-pam_namespace.html(19.79 KB)
📄 sag-pam_nologin.html(5.21 KB)
📄 sag-pam_permit.html(4.2 KB)
📄 sag-pam_pwhistory.html(7.63 KB)
📄 sag-pam_rhosts.html(6.25 KB)
📄 sag-pam_rootok.html(4.99 KB)
📄 sag-pam_securetty.html(6.33 KB)
📄 sag-pam_selinux.html(8.12 KB)
📄 sag-pam_shells.html(4.16 KB)
📄 sag-pam_succeed_if.html(8.94 KB)
📄 sag-pam_tally.html(13.68 KB)
📄 sag-pam_tally2.html(14.6 KB)
📄 sag-pam_time.html(9.5 KB)
📄 sag-pam_timestamp.html(6.28 KB)
📄 sag-pam_umask.html(6.17 KB)
📄 sag-pam_unix.html(14.29 KB)
📄 sag-pam_userdb.html(8.29 KB)
📄 sag-pam_warn.html(4.46 KB)
📄 sag-pam_wheel.html(7.01 KB)
📄 sag-pam_xauth.html(8.22 KB)
📄 sag-security-issues-other.html(2.92 KB)
📄 sag-security-issues-wrong.html(2.89 KB)
📄 sag-security-issues.html(2.11 KB)
📄 sag-see-also.html(2.23 KB)
📄 sag-text-conventions.html(3.11 KB)

Editing: sag-configuration-example.html

<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>4.3. Example configuration file entries</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-configuration.html" title="Chapter 4. The Linux-PAM configuration file"><link rel="prev" href="sag-configuration-directory.html" title="4.2. Directory based configuration"><link rel="next" href="sag-security-issues.html" title="Chapter 5. Security issues"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.3. Example configuration file entries</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-configuration-directory.html">Prev</a> </td><th width="60%" align="center">Chapter 4. The Linux-PAM configuration file</th><td width="20%" align="right"> <a accesskey="n" href="sag-security-issues.html">Next</a></td></tr></table><hr></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-configuration-example"></a>4.3. Example configuration file entries</h2></div></div></div><p>
         In this section, we give some examples of entries that can
         be present in the <span class="emphasis"><em>Linux-PAM</em></span>
         configuration file. As a first attempt at configuring your
         system you could do worse than to implement these.
       </p><p>
         If a system is to be considered secure, it had better have a
         reasonably secure '<span class="emphasis"><em>other</em></span> entry.
         The following is a paranoid setting (which is not a bad place
         to start!):
       </p><pre class="programlisting">
#
# default; deny access
#
other   auth     required       pam_deny.so
other   account  required       pam_deny.so
other   password required       pam_deny.so
other   session  required       pam_deny.so
       </pre><p>
         Whilst fundamentally a secure default, this is not very
         sympathetic to a misconfigured system. For example, such
         a system is vulnerable to locking everyone out should the
         rest of the file become badly written.
       </p><p>
         The module <span class="command"><strong>pam_deny</strong></span> (documented in a
         <a class="link" href="sag-pam_deny.html" title="6.4. pam_deny - locking-out PAM module">later section</a>) is not very
         sophisticated. For example, it logs no information when it
         is invoked so unless the users of a system contact the
         administrator when failing to execute a service application,
         the administrator may go for a long while in ignorance of the
         fact that his system is misconfigured.
       </p><p>
         The addition of the following line before those in the above
         example would provide a suitable warning to the administrator.
       </p><pre class="programlisting">
#
# default; wake up! This application is not configured
#
other   auth     required       pam_warn.so
other   password required       pam_warn.so
       </pre><p>
         Having two '<span class="command"><strong>other auth</strong></span>' lines is an
         example of stacking.
       </p><p>
         On a system that uses the <code class="filename">/etc/pam.d/</code>
         configuration, the corresponding default setup would be
         achieved with the following file:
       </p><pre class="programlisting">
#
# default configuration: /etc/pam.d/other
#
auth     required       pam_warn.so
auth     required       pam_deny.so
account  required       pam_deny.so
password required       pam_warn.so
password required       pam_deny.so
session  required       pam_deny.so
       </pre><p>
         This is the only explicit example we give for an
         <code class="filename">/etc/pam.d/</code> file. In general, it
         should be clear how to transpose the remaining examples
         to this configuration scheme.
       </p><p>
         On a less sensitive computer, one on which the system
         administrator wishes to remain ignorant of much of the
         power of <span class="emphasis"><em>Linux-PAM</em></span>, the
         following selection of lines (in
         <code class="filename">/etc/pam.d/other</code>) is likely to
         mimic the historically familiar Linux setup.
       </p><pre class="programlisting">
#
# default; standard UN*X access
#
auth     required       pam_unix.so
account  required       pam_unix.so
password required       pam_unix.so
session  required       pam_unix.so
       </pre><p>
         In general this will provide a starting place for most applications.
       </p></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-configuration-directory.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="sag-configuration.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="sag-security-issues.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.2. Directory based configuration </td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top"> Chapter 5. Security issues</td></tr></table></div></body></html>

X7ROOT File Manager

Editing: sag-configuration-example.html

Upload File

Create Folder