IBM 10 SP1 EAL4 User Manual
• pam_passwdqc.so: Performs additional password strength checks. For example, it rejects
passwords such as “1qaz2wsx” that follow a pattern on the keyboard. In addition to checking regular
passwords it offers support for passphrases and can provide randomly generated passwords.
• pam_env.so: Loads a configurable list of environment variables, and it is configured with the file
/etc/security/pam_env.conf.
• pam_shells.so: Authentication is granted if the user’s shell is listed in /etc/shells. If no
shell is in /etc/passwd (empty), /bin/sh is used. It also checks to make sure that
/etc/shells is a plain file and not world-writable.
• pam_limits.so: This module imposes user limits on login. It is configured using the
/etc/security/limits.conf file. Each line in this file describes a limit for a user in the
form: <domain> <type> <item> <value>. No limits are imposed on UID 0 accounts.
• pam_rootok.so: This module is an authentication module that performs one task: if the id of the
user is 0, then it returns PAM_SUCCESS. With the sufficient /etc/pam.conf control flag, it can
be used to allow password-free access to some service for root.
• pam_xauth.so: This module forwards xauth cookies from user to user. Primitive access control
is provided by ~/.xauth/export in the invoking user's home directory, and
~/.xauth/import in the target user's home directory. For more information, refer to
/usr/share/doc/packages/pam/modules/README.pam_xauth on an SLES system.
• pam_wheel.so: Permits root access only to members of the wheel group. By default,
pam_wheel.so permits root access to the system if the applicant user is a member of the wheel
group. First, the module checks for the existence of a wheel group. If no such group exists, the
module defines the group with group ID 0 to be the wheel group. The TOE is configured with a
wheel group of GID = 10.
• pam_nologin.so: Provides standard UNIX nologin authentication. If the file /etc/nologin
exists, only root is allowed to log in; other users are turned away with an error message (and the
module returns PAM_AUTH_ERR or PAM_USER_UNKNOWN). All users (root or otherwise) are shown
the contents of /etc/nologin.
• pam_loginuid.so: Sets the login uid for the process that was authenticated. See Section 5.6.5.
• pam_securetty.so: Provides standard UNIX securetty checking, which causes authentication
for root to fail unless the calling program has set PAM_TTY to a string listed in the
/etc/securetty file. For all other users, pam_securetty.so succeeds.
• pam_tally.so: Keeps track of the number of login attempts made and denies access based on the
number of failed attempts, which is specified as an argument to the pam_tally.so module (deny =
5). This is addressed at the account module interface. The pam_tally program allows
administrative users to examine and control the pam_tally PAM module's tally file.
• pam_listfile.so: Allows the use of ACLs based on users, ttys, remote hosts, groups, and
shells.
• pam_deny.so: Always returns a failure.
For detailed information about all of these modules, refer to
/usr/share/doc/packages/pam/modules/README.ModuleName on a SLES system.
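
The pam_shells.so decision described in the list above (an empty shell field falls back to /bin/sh, and the shells file must be a plain file that is not world-writable), modelled as shell functions for auditing. This is an added example, not code from PAM or from this document; the function names and the sample passwd and shells files are constructed for illustration.

```shell
#!/bin/sh
# Model of the pam_shells.so checks as described in the text (not PAM source).

# shells_file_ok FILE: succeed only if FILE is a plain file and not world-writable.
shells_file_ok() {
    [ -f "$1" ] || return 1
    # find prints the path only when the "other" write bit is set
    [ -z "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# user_shell USER PASSWD_FILE: print the user's shell; /bin/sh if the field is empty.
user_shell() {
    awk -F: -v u="$1" '$1 == u { print ($7 == "" ? "/bin/sh" : $7); found = 1; exit }
                       END { exit !found }' "$2"
}

# pam_shells_check USER PASSWD_FILE SHELLS_FILE: 0 = grant, 1 = deny.
pam_shells_check() {
    shells_file_ok "$3" || return 1
    sh_path=$(user_shell "$1" "$2") || return 1
    # exact whole-line match against the list of permitted shells
    grep -Fxq -- "$sh_path" "$3"
}

# Constructed sample data (not taken from a real system)
d=$(mktemp -d)
cat > "$d/passwd" <<'EOF'
alice:x:1000:100::/home/alice:/bin/bash
bob:x:1001:100::/home/bob:
carol:x:1002:100::/home/carol:/usr/local/bin/menu
EOF
printf '%s\n' '# constructed shells file' /bin/sh /bin/bash > "$d/shells"
chmod 644 "$d/shells"

for u in alice bob carol; do
    if pam_shells_check "$u" "$d/passwd" "$d/shells"; then
        echo "$u: granted"
    else
        echo "$u: denied"
    fi
done

# A world-writable shells file fails the check for every user
chmod 666 "$d/shells"
pam_shells_check alice "$d/passwd" "$d/shells" || echo "alice: denied (world-writable)"
```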