
user auth questions



Hi all.  I am having some problems understanding how PAM works, and hoped
someone could clarify a few things for me.

- I've converted to shadow passwds, but had a question about the following
line from /etc/pam.d/login:

password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok

I realize the conversion is automatic, but I'd like to understand what this
actually means.  Can you explain what the 'nullok' and 'use_authtok' mean?

And the 'shadow' means to use shadow if available, correct?

I've searched the documentation, including the RH manual, and it does not
describe these features in the PAM section.

- How can I use pam to do password/account aging, like chage did (or was
supposed to :) ?

- I understand that entries can be `stacked'.  Does this mean that the files
are parsed from the top down, and use the entries that match the pattern the
program is looking for?

For example, use the /etc/pam.d/login file again:

auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_pwdb.so shadow nullok
auth       required     /lib/security/pam_nologin.so

The third line says to use the pam_nologin module.  Does this mean if the
previous two fail, to prevent that user from logging in?

account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
session    required     /lib/security/pam_pwdb.so

And this says to use pwdb to find the user, check the passwd with cracklib,
then see if there is a shadow entry, and if not, use the passwd from pwdb?

Thanks,
Dave Wreski
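
The stacking behaviour asked about above, as an added example that is not part of the original post: a simplified Python model that parses the /etc/pam.d/login lines quoted in the message and walks one stack top-down, using the documented Linux-PAM meaning of the required, requisite and sufficient control flags. The function names and the module outcomes are assumptions made for illustration; no real PAM module is called.

```python
# Added example: simplified model of how one PAM management group is evaluated.
# Module results are constructed inputs; no real PAM module is loaded.
LOGIN_CONF = """\
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_pwdb.so shadow nullok
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_pwdb.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
session    required     /lib/security/pam_pwdb.so
"""

def parse(conf):
    """Return {type: [(control, module, args), ...]}, preserving file order."""
    stacks = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        mtype, control, path, *args = line.split()
        stacks.setdefault(mtype, []).append((control, path.rsplit("/", 1)[-1], args))
    return stacks

def run_stack(stack, outcomes):
    """Walk one stack top-down. outcomes maps module name -> True (success) or
    False (failure); unlisted modules succeed. Returns (granted, modules_called)."""
    failed, any_ok, called = False, False, []
    for control, name, _args in stack:
        ok = outcomes.get(name, True)
        called.append(name)
        any_ok = any_ok or ok
        if control == "required":
            failed = failed or not ok      # remembered; later modules still run
        elif control == "requisite":
            if not ok:
                return False, called       # stop at once and deny
        elif control == "sufficient":
            if ok and not failed:
                return True, called        # grant without calling the rest
        else:
            raise ValueError("control flag not modelled: " + control)
    return (not failed and any_ok), called

if __name__ == "__main__":
    auth = parse(LOGIN_CONF)["auth"]
    # Constructed scenario: root login from a tty not listed in /etc/securetty.
    print(run_stack(auth, {"pam_securetty.so": False}))
    # Same failure with the first line changed to requisite (hypothetical edit).
    print(run_stack([("requisite",) + auth[0][1:]] + auth[1:], {"pam_securetty.so": False}))
```

With every auth line marked required, a failing pam_securetty.so still lets pam_pwdb.so and pam_nologin.so run before the stack as a whole is denied; only the lines of the type the application asks for (auth, account, password or session) are walked in any one call.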


