
How to parse the Linux /etc/pam.d/system-auth file

2025-04-06 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to parse the Linux /etc/pam.d/system-auth file. The content is clear and well suited to beginners. Interested readers can follow along with the editor, and I hope you get something out of this article!

The /etc/pam.d/system-auth file in Linux is mainly used for password settings and login control.

Password setting and login control file location: /etc/pam.d/system-auth. The sample file content is as follows:

    auth       required     pam_securetty.so
    auth       required     pam_unix.so shadow nullok
    auth       required     pam_nologin.so
    account    required     pam_unix.so
    password   required     pam_cracklib.so retry=3
    password   required     pam_unix.so shadow nullok use_authtok
    session    required     pam_unix.so

All three auth modules are used for login checking. All of them are run even if the first module fails, so that the user cannot tell which step failed; the main purpose is to prevent attacks.

The first field of each line is the component (module type):

auth component: authentication interface; requests and verifies the password.

account component: checks whether access is allowed, for example whether the account has expired or whether the user may log in within the permitted time.

password component: sets and verifies passwords.

session component: configures and manages the user session.

The second field is the control flag:

required: this module must succeed for authentication to continue. Even if it fails, the user is not told immediately; the result is reported only after all the relevant modules have completed.

requisite: this module must succeed for authentication to continue.

sufficient: ignored if it fails.

optional: the result is ignored, regardless of failure.

auth required pam_securetty.so: ensures that if a user attempts to log in as root, the tty the user is logging in on is listed in the /etc/securetty file, if that file exists.

auth required pam_unix.so shadow nullok: prompts the user logging in for a password and validates it against the corresponding password saved in /etc/passwd and, if it exists, /etc/shadow. The pam_unix.so module automatically detects and authenticates users with passwords.

auth required pam_nologin.so: the final authentication step checks whether the /etc/nologin file exists. If it exists and the user is not root, authentication fails.

account required pam_unix.so: this module performs the necessary account verification. If shadow passwords are enabled, pam_unix.so checks whether the account has expired or whether the password is changed within the grace period.

password required pam_cracklib.so retry=3: if the password has expired, pam_cracklib.so requires a new password. If the new password is not complex enough, the user is given two more opportunities to enter a sufficiently strong password, three attempts in total. The options supported by pam_cracklib.so are as follows:

minlen=N: minimum length of the new password.

dcredit=N: the maximum number of digits in the new password when N > 0.

ucredit=N: the maximum number of uppercase letters in the new password when N > 0.

lcredit=N: the maximum number of lowercase letters in the new password when N > 0.

ocredit=N: the maximum number of special characters in the new password when N > 0.

password required pam_unix.so shadow nullok use_authtok: if the user's password needs to be changed, the change must be performed by the pam_unix.so module.

shadow flag: create shadow passwords when updating a user's password.

nullok flag: users can change their password from an empty password; otherwise an empty password is treated as a locked account.

use_authtok flag: disables prompting for a new password. The module accepts the password provided by the previous module, so the password change must first be checked by pam_cracklib.so.

session required pam_unix.so: the pam_unix.so session component records the user name and service type in /var/log/messages.
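The line-by-line walkthrough above can be turned into a small parser and audit. The following Python code is an added example, not part of the original article: it splits each rule into type, control flag, module and options, then flags the two settings the article singles out (nullok on pam_unix.so, and use_authtok without an earlier pam_cracklib.so). The names Rule, parse_pam, audit and SAMPLE are assumptions made for this example, and the parser also accepts bracketed control fields and a leading "-" on the type, which the article's sample does not use.

```python
import re
from typing import NamedTuple

# Constructed sample: the stack shown in the article, plus a comment line.
SAMPLE = """\
# /etc/pam.d/system-auth
auth       required   pam_securetty.so
auth       required   pam_unix.so shadow nullok
auth       required   pam_nologin.so
account    required   pam_unix.so
password   required   pam_cracklib.so retry=3
password   required   pam_unix.so shadow nullok use_authtok
session    required   pam_unix.so
"""

class Rule(NamedTuple):
    type: str      # auth | account | password | session
    control: str   # required, requisite, sufficient, optional or [value=action ...]
    module: str
    args: dict     # option -> value, or True for bare flags such as nullok

LINE = re.compile(r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"not a PAM rule: {raw!r}")
        args = dict(a.split("=", 1) if "=" in a else (a, True) for a in m.group(4).split())
        rules.append(Rule(m.group(1), m.group(2), m.group(3), args))
    return rules

def audit(rules):
    findings, quality_seen = [], False
    for r in rules:
        if r.module == "pam_unix.so" and r.type in ("auth", "password") and "nullok" in r.args:
            findings.append(f"{r.type}: pam_unix.so nullok allows an empty password")
        if r.type == "password" and r.module == "pam_cracklib.so":
            quality_seen = True   # a strength check precedes later password modules
        elif r.type == "password" and "use_authtok" in r.args and not quality_seen:
            findings.append("password: use_authtok with no earlier pam_cracklib.so check")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_pam(SAMPLE)):
        print(finding)
```

Rule order matters for the second check: use_authtok only makes sense when a strength-checking module appears earlier in the password stack.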

Thank you for reading. I believe you now have some understanding of how to parse the Linux /etc/pam.d/system-auth file. Go ahead and practice it. If you want to know more, you can follow the website! The editor will continue to bring you better articles!
