POSTLOGIN(5) Linux-PAM Manual POSTLOGIN(5)NAME
postlogin - Common configuration file for PAMified services
The purpose of this PAM configuration file is to provide a common place for all PAM modules which should be called after the stack config-
ured in system-auth or the other common PAM configuration files.
The postlogin configuration file is included from all individual service configuration files that provide login service with shell or file
The modules in the postlogin configuration file are executed regardless of the success or failure of the modules in the system-auth config-
Sometimes it would be useful to be able to skip the postlogin modules in case the substack of the system-auth modules failed. Unfortunately
the current Linux-PAM library does not provide any way how to achieve this.
SEE ALSO pam(8), config-util(5), system-auth(5)
The three Linux-PAM Guides, for system administrators, module developers, and application developers.
Red Hat 2010 Dec 22 POSTLOGIN(5)
Check Out this Related Man Page
SYSTEM-AUTH-AC(5) File Formats Manual SYSTEM-AUTH-AC(5)NAME
system-auth-ac, password-auth-ac, smartcard-auth-ac, fingerprint-auth-ac, postlogin-ac - Common configuration files for PAMified services
written by authconfig(8)SYNOPSIS
The purpose of this configuration file is to provide common configuration file for all applications and service daemons calling PAM
The system-auth configuration file is included from all individual service configuration files with the help of the include directive. When
authconfig(8) writes the system PAM configuration file it replaces the default system-auth file with a symlink pointing to system-auth-ac
and writes the configuration to this file. The symlink is not changed on subsequent configuration changes even if it points elsewhere. This
allows system administrators to override the configuration written by authconfig.
The authconfig now writes the authentication modules also into additional PAM configuration files /etc/pam.d/password-auth-ac,
/etc/pam.d/smartcard-auth-ac, and /etc/pam.d/fingerprint-auth-ac. These configuration files contain only modules which perform authentica-
tion with the respective kinds of authentication tokens. For example /etc/pam.d/smartcard-auth[-ac] will not contain pam_unix and pam_ldap
modules and /etc/pam.d/password-auth[-ac] will not contain pam_pkcs11 and pam_fprintd modules.
The file /etc/pam.d/postlogin-ac contains common services to be invoked after login. An example can be a module that encrypts an user's
filesystem or user's keyring and is decrypted by his password.
The PAM configuration files of services which are accessed by remote connections such as sshd or ftpd now include the /etc/pam.d/password-
auth configuration file instead of /etc/pam.d/system-auth.
Configure system to use pam_tally2 for configuration of maximum number of failed logins. Also call pam_access to verify if access is
Make system-auth symlink point to system-auth-local which contains:
auth requisite pam_access.so
auth requisite pam_tally2.so deny=3 lock_time=30
auth include system-auth-ac
account required pam_tally2.so
account include system-auth-ac
password include system-auth-ac
session include system-auth-ac
SEE ALSO authconfig(8), authconfig-gtk(8), pam(8), system-auth(5)Red Hat, Inc. 2010 March 31 SYSTEM-AUTH-AC(5)
I've got Solaris 9.
I've read that I can do a login script for each individual user with the .postlogin file, but is there not a way to set up something like that from a group-membership level?
If there is, how can one trace down what group membership login scripts are being run? (0 Replies)
I am currently tring to setup a system to monitor (also for billing purpose) all the instruments in our facility (university reserch instrumentation facility). The OS's running on these computers include Windows, Redhat and Solaris (Solaris 9 in csh). I have managed to get login/off... (7 Replies)
I have a requirement to add a warning banner to the Solaris 11 login screen. Adding the banner was pretty easy in Solaris 10 by changing *Dtlogin. Does anyone know how to make the change in Solaris !!? (3 Replies)
I have Windows AD server and all of the linux computers are joined to AD.
Recently, 2FA has been activated, I wish to exclude some of the domain service accounts from 2FA
# less /etc/pam_radius_acl.conf
auth required pam_sepermit.so
auth requisite... (0 Replies)