# Begin /etc/pam.d/system-account
# Shared account stack, pulled in by the per-service files on this page via
# "account include system-account". pam_unix.so is the only module, so
# account validity is decided solely by the local passwd/shadow data.
account required pam_unix.so
# End /etc/pam.d/system-account
# Begin /etc/pam.d/system-auth
# Shared auth stack: a single local password check by pam_unix.so.
# The nullok option is not given, so an account with an empty password
# field is refused by this module.
# NOTE(review): no failed-attempt lockout or throttling module is part of
# this stack; a service that needs one has to add it in its own file.
auth required pam_unix.so
# End /etc/pam.d/system-auth
# Begin /etc/pam.d/system-session
# Shared session stack. Only pam_unix.so is "required"; the two modules
# after it are "optional", so their failure does not block the session.
session required pam_unix.so
# Records the login UID used by the audit subsystem for this session.
session optional pam_loginuid.so
# Registers the session with ConsoleKit.
# nox11: presumably skips registration for X11 displays - see the
# pam_ck_connector man page to confirm.
session optional pam_ck_connector.so nox11
# End /etc/pam.d/system-session
login.defs も変更
# Begin /etc/pam.d/system-password
# Shared password-change stack: pam_cracklib.so vets the new password,
# then pam_unix.so stores it.
#   retry=3   prompt up to three times before giving up
#   difok=5   number of characters in the new password that must not
#             appear in the old one
#   minlen=8  credit-adjusted length, not a strict character count: with
#             the default per-class credits a shorter password can pass
#   dictpath  location of the cracklib dictionary
# NOTE(review): pam_cracklib was dropped from newer Linux-PAM releases in
# favour of pam_pwquality - confirm the module exists on the target system.
# NOTE(review): the continuation backslash follows "minlen=8" with no
# space; confirm the two options are still parsed as separate tokens.
password required pam_cracklib.so retry=3 difok=5 minlen=8\
dictpath=/lib/cracklib/pw_dict
# sha512: hash new passwords with SHA-512 crypt; shadow: keep them in the
# shadow file; use_authtok: reuse the password already vetted by the module
# above instead of prompting again.
password required pam_unix.so sha512 shadow use_authtok
# End /etc/pam.d/system-password
現状から変更。ソース付属の pam.conf ファイルベース
# The service this stack belongs to is not named on the page.
# Reuse the shared auth and account stacks.
@include system-auth
@include system-account
# pam_loginuid.so is "required" here; system-session, included on the next
# line, lists the same module again as "optional", so it runs twice.
session required pam_loginuid.so
@include system-session
# Apply resource limits to the session.
session required pam_limits.so
# NOTE(review): user_readenv=1 makes pam_env.so also read a per-user
# environment file (~/.pam_environment by default), so variables chosen by
# the user are injected into the session. Upstream Linux-PAM has deprecated
# this option; keep it only if the service really depends on it.
session required pam_env.so user_readenv=1
chfn chgpasswd chpasswd chsh groupadd groupdel groupmems groupmod newusers useradd userdel usermod 共通。現状から変更
# Begin /etc/pam.d/chage
# always allow root: pam_rootok.so succeeds when the caller is UID 0, and
# "sufficient" then skips the remaining auth modules
auth sufficient pam_rootok.so
# include system defaults for auth account and session
# (non-root callers fall through to the shared password check)
auth include system-auth
account include system-account
session include system-session
# Always permit for authentication updates: pam_permit.so always succeeds,
# so the password-quality checks of system-password are not applied here
password required pam_permit.so
# End /etc/pam.d/chage
現状通り
# Begin /etc/pam.d/cups
# Authentication for CUPS relies entirely on the shared stacks; no password
# stack is defined, so password changes through this service fall to the
# "other" policy.
auth include system-auth
account include system-account
session include system-session
# End /etc/pam.d/cups
必要? 現状通り
# The service this stack belongs to is not named on the page.
# Root passes without a password; every other caller must pass pam_unix.so.
auth sufficient pam_rootok.so
auth required pam_unix.so
# pam_permit.so always succeeds, so no account validity or expiry check is
# applied and the shared system-account stack is bypassed.
account required pam_permit.so
現状通り(includeしてない)
変更あり
# Begin /etc/pam.d/login
# Set failure delay before next prompt to 3 seconds
# (delay= is given in microseconds)
auth optional pam_faildelay.so delay=3000000
# Check to make sure that the user is allowed to login
# ("requisite": a failure ends the auth stack immediately)
auth requisite pam_nologin.so
# Check to make sure that root is allowed to login
# NOTE(review): this line is active here, although the comment it was
# copied with described it as disabled by default. The module depends on
# /etc/securetty; create that file (see man 5 securetty) and verify root
# console logins before relying on this restriction.
auth required pam_securetty.so
# Additional group memberships - disabled by default
#auth optional pam_group.so
# include the default auth settings
auth include system-auth
# check access for the user
# (rules come from the pam_access configuration, not from this file)
account required pam_access.so
# include the default account settings
account include system-account
# Set default environment variables for the user
# (user_readenv is not set, so only system-wide configuration is read)
session required pam_env.so
# Set resource limits for the user
session required pam_limits.so
# Display date of last login - Disabled by default
#session optional pam_lastlog.so
# Display the message of the day - Disabled by default
#session optional pam_motd.so
# Check user's mail - Disabled by default
#session optional pam_mail.so standard quiet
# include the default session and password settings
session include system-session
password include system-password
# End /etc/pam.d/login
現状通り
# Begin /etc/pam.d/other
# Fallback policy used for any service that has no file of its own in
# /etc/pam.d: for every module type, pam_warn.so logs the attempt and
# pam_deny.so then refuses it (deny by default).
auth required pam_warn.so
auth required pam_deny.so
account required pam_warn.so
account required pam_deny.so
password required pam_warn.so
password required pam_deny.so
session required pam_warn.so
session required pam_deny.so
# End /etc/pam.d/other
現状から変更
# Begin /etc/pam.d/passwd
# Only a password stack is defined: password changes go through the
# quality check and hashing settings of system-password. The other module
# types are not configured in this file.
password include system-password
# End /etc/pam.d/passwd
現状通り
# The service this stack belongs to is not named on the page.
# All four module types defer to the shared system-* stacks, so policy
# changes made there apply to this service automatically.
auth include system-auth
account include system-account
password include system-password
session include system-session
現状から変更
# The service this stack belongs to is not named on the page.
# pam_unix.so is named directly rather than through the system-* includes,
# so later changes to the shared stacks will not reach this service.
# No password stack is defined.
auth required pam_unix.so
account required pam_unix.so
session required pam_unix.so
現状通り
# The service this stack belongs to is not named on the page.
# Auth only: a local password check. Account, password and session are not
# configured in this file.
auth required pam_unix.so
現状通り
# Begin /etc/pam.d/su
# always allow root: a caller that is already UID 0 is not asked for a
# password ("sufficient" skips the rest of the auth stack)
auth sufficient pam_rootok.so
# everyone else must pass the shared password check
# NOTE(review): no group restriction such as pam_wheel.so is configured,
# so any local account may attempt su - confirm that is intended.
auth include system-auth
# include the default account settings
account include system-account
# Set default environment variables for the service user
session required pam_env.so
# include system session defaults
session include system-session
# End /etc/pam.d/su
現状どおり
変更
# The service this stack belongs to is not named on the page.
# Every module type is delegated to the shared system-* stacks; this file
# adds no service-specific modules.
auth include system-auth
account include system-account
password include system-password
session include system-session