1. Manuals
  2. Brands
  3. Computer Equipment
  4. Server
  5. IBM
  6. Computer Equipment
  7. Server

IBM 10 SP1 EAL4 - page 186

1 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 246
Download on canonical page 246 pages, 2.94 Mb
pam_passwdqc.so: Performs additional password strength checks. For example, it rejects
passwords such as “1qaz2wsx” that follow a pattern on the keyboard. In addition to checking regular
passwords it offers support for passphrases and can provide randomly generated passwords.
pam_env.so: Loads a configurable list of environment variables, and it is configured with the file
/etc/security/pam_env.conf.
pam_shells.so: Authentication is granted if the user’s shell is listed in /etc/shells. If no
shell is in /etc/passwd (empty), the /bin/sh is used. It also checks to make sure that
/etc/shells is a plain file and not world-writable.
pam_limits.so: This module imposes user limits on login. It is configured using the
/etc/security/limits.conf file. Each line in this file describes a limit for a user in the
form: <domain> <type> <item> <value>. No limits are imposed on UID 0 accounts.
pam_rootok.so: This module is an authentication module that performs one task: if the id of the
user is 0, then it returns PAM_SUCCESS. With the sufficient /etc/pam.conf control flag, it can
be used to allow password free access to some service for root.
pam_xauth.so: This module forwards xauth cookies from user to user. Primitive access control
is provided by ~/.xauth/export in the invoking user's home directory, and
~/.xauth/import in the target user's home directory. For more information, refer to
/usr/share/doc/packages/pam/modules/README.pam_xauth on an SLES system.
pam_wheel.so: Permits root access only to members of the wheel group. By default,
pam_wheel.so permits root access to the system if the applicant user is a member of the wheel
group. First, the module checks for the existence of a wheel group. Otherwise, the module defines
the group with group ID 0 to be the wheel group. The TOE is configured with a wheel group of GID
= 10.
pam_nologin.so: Provides standard UNIX nologin authentication. If the file /etc/nologin
exists, only root is allowed to log in; other users are turned away with an error message (and the
module returns PAM_AUTH_ERR or PAM_USER_UNKNOWN). All users (root or otherwise) are shown
the contents of /etc/nologin.
pam_loginuid.so: Sets the login uid for the process that was authenticated. See Section 5.6.5.
pam_securetty.so: Provides standard UNIX securetty checking, which causes authentication
for root to fail unless the calling program has set PAM_TTY to a string listed in the
/etc/securetty file. For all other users, pam_securetty.so succeeds.
pam_tally.so: Keeps track of the number of login attempts made and denies access based on the
number of failed attempts, which is specified as an argument to pam_tally.so module (deny =
5). This is addressed at the account module interface. The pam_tally program allows
administrative users to examine and control the pam_tally PAM module's tally file.
pam_listfile.so: Allows the use of ACLs based on users, ttys, remote hosts, groups, and
shells.
pam_deny.so: Always returns a failure.
For detailed information about all of these modules, refer to
/usr/share/doc/packages/pam/modules/README.ModuleName on a SLES system.
174
MENU

Models

Contents