Man Pages

system-auth-ac(5) - phpMan system-auth-ac(5) - phpMan

Command: man perldoc info search(apropos)  


SYSTEM-AUTH-AC(5)                                            SYSTEM-AUTH-AC(5)



NAME
       system-auth-ac, password-auth-ac, smartcard-auth-ac, fingerprint-auth-ac - Common configuration files for PAMi-
       fied services written by authconfig(8)


SYNOPSIS
       /etc/pam.d/system-auth-ac



DESCRIPTION
       The purpose of this configuration file is to provide common configuration file for all applications and service
       daemons calling PAM library.


       The system-auth configuration file is included from all individual service configuration files with the help of
       the include directive. When authconfig(8) writes the system PAM configuration file it replaces the default sys-
       tem-auth  file with a symlink pointing to system-auth-ac and writes the configuration to this file. The symlink
       is not changed on subsequent configuration changes even if it points elsewhere. This allows system  administra-
       tors to override the configuration written by authconfig.

       The   authconfig   now  writes  the  authentication  modules  also  into  additional  PAM  configuration  files
       /etc/pam.d/password-auth-ac, /etc/pam.d/smartcard-auth-ac, and /etc/pam.d/fingerprint-auth-ac.  These  configu-
       ration  files  contain  only  modules  which perform authentication with the respective kinds of authentication
       tokens.  For example  /etc/pam.d/smartcard-auth[-ac]  will  not  contain  pam_unix  and  pam_ldap  modules  and
       /etc/pam.d/password-auth[-ac] will not contain pam_pkcs11 and pam_fprintd modules.

       The  PAM  configuration  files  of  services  which are accessed by remote connections such as sshd or ftpd now
       include the /etc/pam.d/password-auth configuration file instead of /etc/pam.d/system-auth.



EXAMPLE
       Configure system to use pam_tally2 for configuration of maximum number of failed logins. Also  call  pam_access
       to verify if access is allowed.

       Make system-auth symlink point to system-auth-local which contains:

       auth            requisite       pam_access.so
       auth            requisite       pam_tally2.so deny=3 lock_time=30 \
                                             unlock_time=3600
       auth            include         system-auth-ac
       account         required        pam_tally2.so
       account         include         system-auth-ac
       password        include         system-auth-ac
       session         include         system-auth-ac



BUGS
       None known.


SEE ALSO
       authconfig(8), authconfig-gtk(8), pam(8), system-auth(5)



Red Hat, Inc.                    2010 March 31               SYSTEM-AUTH-AC(5)