Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

system-auth-ac(5) [centos man page]

SYSTEM-AUTH-AC(5)						File Formats Manual						 SYSTEM-AUTH-AC(5)

system-auth-ac, password-auth-ac, smartcard-auth-ac, fingerprint-auth-ac, postlogin-ac - Common configuration files for PAMified services written by authconfig(8) SYNOPSIS
/etc/pam.d/system-auth-ac DESCRIPTION
The purpose of this configuration file is to provide common configuration file for all applications and service daemons calling PAM library. The system-auth configuration file is included from all individual service configuration files with the help of the include directive. When authconfig(8) writes the system PAM configuration file it replaces the default system-auth file with a symlink pointing to system-auth-ac and writes the configuration to this file. The symlink is not changed on subsequent configuration changes even if it points elsewhere. This allows system administrators to override the configuration written by authconfig. The authconfig now writes the authentication modules also into additional PAM configuration files /etc/pam.d/password-auth-ac, /etc/pam.d/smartcard-auth-ac, and /etc/pam.d/fingerprint-auth-ac. These configuration files contain only modules which perform authentica- tion with the respective kinds of authentication tokens. For example /etc/pam.d/smartcard-auth[-ac] will not contain pam_unix and pam_ldap modules and /etc/pam.d/password-auth[-ac] will not contain pam_pkcs11 and pam_fprintd modules. The file /etc/pam.d/postlogin-ac contains common services to be invoked after login. An example can be a module that encrypts an user's filesystem or user's keyring and is decrypted by his password. The PAM configuration files of services which are accessed by remote connections such as sshd or ftpd now include the /etc/pam.d/password- auth configuration file instead of /etc/pam.d/system-auth. EXAMPLE
Configure system to use pam_tally2 for configuration of maximum number of failed logins. Also call pam_access to verify if access is allowed. Make system-auth symlink point to system-auth-local which contains: auth requisite auth requisite deny=3 lock_time=30 unlock_time=3600 auth include system-auth-ac account required account include system-auth-ac password include system-auth-ac session include system-auth-ac BUGS
None known. SEE ALSO
authconfig(8), authconfig-gtk(8), pam(8), system-auth(5) Red Hat, Inc. 2010 March 31 SYSTEM-AUTH-AC(5)

Check Out this Related Man Page

PAM_DEBUG(8)							 Linux-PAM Manual						      PAM_DEBUG(8)

pam_debug - PAM module to debug the PAM stack SYNOPSIS [auth=value] [cred=value] [acct=value] [prechauthtok=value] [chauthtok=value] [auth=value] [open_session=value] [close_session=value] DESCRIPTION
The pam_debug PAM module is intended as a debugging aide for determining how the PAM stack is operating. This module returns what its module arguments tell it to return. OPTIONS
auth=value The pam_sm_authenticate(3) function will return value. cred=value The pam_sm_setcred(3) function will return value. acct=value The pam_sm_acct_mgmt(3) function will return value. prechauthtok=value The pam_sm_chauthtok(3) function will return value if the PAM_PRELIM_CHECK flag is set. chauthtok=value The pam_sm_chauthtok(3) function will return value if the PAM_PRELIM_CHECK flag is not set. open_session=value The pam_sm_open_session(3) function will return value. close_session=value The pam_sm_close_session(3) function will return value. Where value can be one of: success, open_err, symbol_err, service_err, system_err, buf_err, perm_denied, auth_err, cred_insufficient, authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err, authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging, try_again, ignore, abort, authtok_expired, module_unknown, bad_item, conv_again, incomplete. MODULE TYPES PROVIDED
All module types (auth, account, password and session) are provided. RETURN VALUES
PAM_SUCCESS Default return code if no other value was specified, else specified return value. EXAMPLES
auth requisite auth [success=2 default=ok] auth=perm_denied cred=success auth [default=reset] auth=success cred=perm_denied auth [success=done default=die] auth optional auth=perm_denied cred=perm_denied auth sufficient auth=success cred=success SEE ALSO
pam.conf(5), pam.d(5), pam(8) AUTHOR
pam_debug was written by Andrew G. Morgan <>. Linux-PAM Manual 04/01/2010 PAM_DEBUG(8)
Man Page

Featured Tech Videos