# Service-level configuration
# ---------------------------

[ssmtp]
accept = 465
connect = 25

The above configuration secures localhost SMTP when someone connects to it via port 465. It tells stunnel to listen on the SSL port 465 and to forward all traffic to the plain-text port 25 on localhost.

For additional information about stunnel, refer to its man page as well as http://stunnel.mirt.net and http://www.stunnel.org.

5.12.4.6 xinetd

The xinetd daemon dispatches children to service incoming requests. For more information on xinetd, see the SLES Security Guide or the xinetd(8) man page.

5.13 System management

5.13.1 Account Management

5.13.1.1 chage

The chage program allows a system administrator to alter a user’s password expiration data. See the chage man page for more information. chage generally follows these steps.

1. Sets language.

2. Sets up a variable indicating whether the application user is the root user.

3. Parses command-line arguments.

4. Performs a sanity check on command-line arguments.

5. If the application user is not root, allows only the listing of the user’s own password age parameters.

6. Invokes getpwuid(getuid()) to obtain the application user’s passwd structure.

7. Invokes pam_start() to initialize the PAM library and to identify the application with a particular service name.

8. Invokes pam_authenticate() to authenticate the application user. Generates an audit record to log the authentication attempt and its outcome.

9. Invokes pam_acct_mgmt() to perform module-specific account management.

10. If called to list password age parameters, lists them now and exits.

11. Locks and opens authentication database files.

12. Updates appropriate database files with new password age parameters.

13. Closes database files.
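
Added example (not part of the original manual and not chage's source): a Python sketch of the rule in step 5 and the listing in step 10, using the aging fields defined in shadow(5). The function names and the sample entry are assumptions made for illustration; the PAM, audit and file-locking steps are omitted.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
AGING_FIELDS = ("lastchg", "min", "max", "warn", "inactive", "expire")

def parse_aging(shadow_line):
    """Split one shadow(5) entry into (login, aging dict); empty field -> None."""
    parts = shadow_line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError("a shadow(5) entry has nine colon-separated fields")
    aging = {name: int(raw) if raw else None
             for name, raw in zip(AGING_FIELDS, parts[2:8])}
    return parts[0], aging

def may_proceed(caller_uid, caller_name, target, listing_only):
    """Step 5: a non-root caller may only list their own aging parameters."""
    return caller_uid == 0 or (listing_only and caller_name == target)

def aging_report(aging):
    """Derive the dates a listing (step 10) would present from raw day counts."""
    def day(n):
        return EPOCH + timedelta(days=n)
    report = {"last_change": None, "password_expires": None,
              "password_inactive": None, "account_expires": None}
    if aging["expire"] is not None:
        report["account_expires"] = day(aging["expire"])
    last, maximum = aging["lastchg"], aging["max"]
    if not last:              # empty, or 0 = change required at next login
        return report
    report["last_change"] = day(last)
    # Simplification: an empty or negative maximum means the password never expires.
    if maximum is not None and maximum >= 0:
        report["password_expires"] = day(last + maximum)
        if aging["inactive"] is not None:
            report["password_inactive"] = day(last + maximum + aging["inactive"])
    return report

# Constructed sample entry (locked password field, not a real account).
SAMPLE = "alice:!:13900:1:90:7:14::"

if __name__ == "__main__":
    login, aging = parse_aging(SAMPLE)
    if may_proceed(1000, "alice", login, listing_only=True):
        for label, value in aging_report(aging).items():
            print(f"{label:18} {value or 'never/unset'}")
```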
