SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG
DONATE


YUM REPOSITORY

 
 

MAN page from openSUSE Leap 42 authconfig-7.0.1-2.1.x86_64.rpm

SYSTEM-AUTH-AC

Section: File Formats (5)
Updated: 2010 March 31
Index 

NAME

system-auth-ac, password-auth-ac, smartcard-auth-ac,fingerprint-auth-ac, postlogin-ac - Common configuration files forPAMified services written by authconfig(8)

 

SYNOPSIS

/etc/pam.d/system-auth-ac

 

DESCRIPTION

The purpose of this configuration file is to provide common configuration file for all applications and service daemonscalling PAM library.

Thesystem-authconfiguration file is included from all individual service configurationfiles with the help of theincludedirective. When authconfig(8) writes the system PAM configuration file itreplaces the defaultsystem-authfile with a symlink pointing tosystem-auth-acand writes the configuration to this file. The symlink is not changed onsubsequent configuration changes even if it points elsewhere. This allowssystem administrators to override the configuration written by authconfig.

The authconfig now writes the authentication modules also into additional PAMconfiguration files /etc/pam.d/password-auth-ac,/etc/pam.d/smartcard-auth-ac, and /etc/pam.d/fingerprint-auth-ac.These configuration files contain only modules which performauthentication with the respective kinds of authentication tokens.For example /etc/pam.d/smartcard-auth[-ac] will not containpam_unix and pam_ldap modules and /etc/pam.d/password-auth[-ac]will not contain pam_pkcs11 and pam_fprintd modules.

The file /etc/pam.d/postlogin-ac contains common servicesto be invoked after login. An example can be a module that encrypts anuser's filesystem or user's keyring and is decrypted by his password.

The PAM configuration files of services which are accessed by remoteconnections such as sshd or ftpd now include the /etc/pam.d/password-authconfiguration file instead of /etc/pam.d/system-auth.

 

EXAMPLE

Configure system to use pam_tally2 for configuration of maximum number offailed logins. Also call pam_access to verify if access is allowed.

Makesystem-authsymlink point to system-auth-local which contains:


auth requisite pam_access.so
auth requisite pam_tally2.so deny=3 lock_time=30 \

                                      unlock_time=3600
auth include system-auth-ac
account required pam_tally2.so
account include system-auth-ac
password include system-auth-ac
session include system-auth-ac

 

BUGS

None known.

 

SEE ALSO

authconfig(8), authconfig-gtk(8), pam(8), system-auth(5)


 

Index

NAME
SYNOPSIS
DESCRIPTION
EXAMPLE
BUGS
SEE ALSO

This document was created byman2html,using the manual pages.