
Member "Linux-PAM-1.1.6/doc/sag/html/Linux-PAM_SAG.html" of archive Linux-PAM-1.1.6-docs.tar.gz:



The Linux-PAM System Administrators' Guide

Andrew G. Morgan

Thorsten Kukuk

Version 1.1.2, 31. August 2010

Abstract

This manual documents what a system administrator needs to know about the Linux-PAM library. It covers the correct syntax of the PAM configuration file and discusses strategies for maintaining a secure system.


Table of Contents

1. Introduction
2. Some comments on the text
3. Overview
4. The Linux-PAM configuration file
4.1. Configuration file syntax
4.2. Directory based configuration
4.3. Example configuration file entries
5. Security issues
5.1. If something goes wrong
5.2. Avoid having a weak `other' configuration
6. A reference guide for available modules
6.1. pam_access - logdaemon style login access control
6.2. pam_cracklib - checks the password against dictionary words
6.3. pam_debug - debug the PAM stack
6.4. pam_deny - locking-out PAM module
6.5. pam_echo - print text messages
6.6. pam_env - set/unset environment variables
6.7. pam_exec - call an external command
6.8. pam_faildelay - change the delay on failure per-application
6.9. pam_filter - filter module
6.10. pam_ftp - module for anonymous access
6.11. pam_group - module to modify group access
6.12. pam_issue - add issue file to user prompt
6.13. pam_keyinit - display the keyinit file
6.14. pam_lastlog - display date of last login
6.15. pam_limits - limit resources
6.16. pam_listfile - deny or allow services based on an arbitrary file
6.17. pam_localuser - require users to be listed in /etc/passwd
6.18. pam_loginuid - record user's login uid to the process attribute
6.19. pam_mail - inform about available mail
6.20. pam_mkhomedir - create user's home directory
6.21. pam_motd - display the motd file
6.22. pam_namespace - setup a private namespace
6.23. pam_nologin - prevent non-root users from login
6.24. pam_permit - the promiscuous module
6.25. pam_pwhistory - grant access using .pwhistory file
6.26. pam_rhosts - grant access using .rhosts file
6.27. pam_rootok - gain only root access
6.28. pam_securetty - limit root login to special devices
6.29. pam_selinux - set the default security context
6.30. pam_shells - check for valid login shell
6.31. pam_succeed_if - test account characteristics
6.32. pam_tally - login counter (tallying) module
6.33. pam_tally2 - login counter (tallying) module
6.34. pam_time - time controlled access
6.35. pam_timestamp - authenticate using cached successful authentication attempts
6.36. pam_umask - set the file mode creation mask
6.37. pam_unix - traditional password authentication
6.38. pam_userdb - authenticate against a db database
6.39. pam_warn - logs all PAM items
6.40. pam_wheel - only permit root access to members of group wheel
6.41. pam_xauth - forward xauth keys between users
7. See also
8. Author/acknowledgments
9. Copyright information for this document