Changeset 3e8fb4c for postlfs/security/shadow.xml
- Timestamp:
- 09/25/2010 05:32:25 AM (14 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- e059c43
- Parents:
- 45857592
- File:
-
- 1 edited
postlfs/security/shadow.xml
r45857592 r3e8fb4c 233 233 <listitem> 234 234 <para><ulink 235 url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/ pam-6.html#ss6.3"/></para>235 url="http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_cracklib.html"/></para> 236 236 </listitem> 237 237 <listitem> … … 297 297 298 298 <sect4> 299 <title>'login' (with CrackLib)</title> 300 301 <screen role="root"><userinput>cat > /etc/pam.d/login << "EOF" 302 <literal># Begin /etc/pam.d/login 303 304 auth requisite pam_nologin.so 305 auth required pam_securetty.so 306 auth required pam_unix.so 307 account required pam_access.so 308 account required pam_unix.so 309 session required pam_env.so 310 session required pam_motd.so 311 session required pam_limits.so 312 session optional pam_mail.so dir=/var/mail standard 313 session optional pam_lastlog.so 314 session required pam_unix.so 315 password required pam_cracklib.so retry=3 316 password required pam_unix.so md5 shadow use_authtok 317 318 # End /etc/pam.d/login</literal> 319 EOF</userinput></screen> 320 321 </sect4> 322 323 <sect4> 324 <title>'login' (without CrackLib)</title> 325 326 <screen role="root"><userinput>cat > /etc/pam.d/login << "EOF" 327 <literal># Begin /etc/pam.d/login 328 329 auth requisite pam_nologin.so 330 auth required pam_securetty.so 331 auth required pam_env.so 332 auth required pam_unix.so 333 account required pam_access.so 334 account required pam_unix.so 335 session required pam_motd.so 336 session required pam_limits.so 337 session optional pam_mail.so dir=/var/mail standard 338 session optional pam_lastlog.so 339 session required pam_unix.so 340 password required pam_unix.so md5 shadow 341 342 # End /etc/pam.d/login</literal> 343 EOF</userinput></screen> 344 345 </sect4> 346 347 <sect4> 348 <title>'passwd' (with CrackLib)</title> 349 350 <screen role="root"><userinput>cat > /etc/pam.d/passwd << "EOF" 351 <literal># Begin /etc/pam.d/passwd 352 353 password required pam_cracklib.so type=Linux retry=1 \ 354 difok=5 
diffignore=23 minlen=9 \ 355 dcredit=1 ucredit=1 lcredit=1 \ 356 ocredit=1 \ 357 dictpath=/lib/cracklib/pw_dict 358 password required pam_unix.so md5 shadow use_authtok 359 360 # End /etc/pam.d/passwd</literal> 299 <title>'system-account'</title> 300 301 <screen role="root"><userinput>cat > /etc/pam.d/system-account << "EOF" 302 <literal># Begin /etc/pam.d/system-account 303 304 account required pam_unix.so 305 306 # End /etc/pam.d/system-account</literal> 307 EOF</userinput></screen> 308 309 </sect4> 310 311 <sect4> 312 <title>'system-auth'</title> 313 314 <screen role="root"><userinput>cat > /etc/pam.d/system-auth << "EOF" 315 <literal># Begin /etc/pam.d/system-auth 316 317 auth required pam_unix.so 318 319 # End /etc/pam.d/system-auth</literal> 320 EOF</userinput></screen> 321 322 </sect4> 323 324 <sect4> 325 <title>'system-passwd' (with cracklib)</title> 326 327 <screen role="root"><userinput>cat > /etc/pam.d/system-password << "EOF" 328 <literal># Begin /etc/pam.d/system-password 329 330 # check new passwords for strength (man pam_cracklib) 331 password required pam_cracklib.so type=Linux retry=3 difok=5 \ 332 difignore=23 minlen=9 dcredit=1 \ 333 ucredit=1 lcredit=1 ocredit=1 \ 334 dictpath=/lib/cracklib/pw_dict 335 # use sha512 hash for encryption, use shadow, and use the 336 # authentication token (chosen password) set by pam_cracklib 337 # above (or any previous modules) 338 password required pam_unix.so sha512 shadow use_authtok 339 340 # End /etc/pam.d/system-password</literal> 361 341 EOF</userinput></screen> 362 342 … … 369 349 370 350 </sect4> 371 372 <sect4> 373 <title>'passwd' (without CrackLib)</title> 351 352 <sect4> 353 <title>'system-passwd' (without cracklib)</title> 354 355 <screen role="root"><userinput>cat > /etc/pam.d/system-password << "EOF" 356 <literal># Begin /etc/pam.d/system-password 357 358 # use sha512 hash for encryption, use shadow, and try to use any perviously 359 # defined authentication token (chosen password) set by any prior 
module 360 password required pam_unix.so sha512 shadow try_first_pass 361 362 # End /etc/pam.d/system-password</literal> 363 EOF</userinput></screen> 364 365 </sect4> 366 367 <sect4> 368 <title>'system-session'</title> 369 370 <screen role="root"><userinput>cat > /etc/pam.d/system-session << "EOF" 371 <literal># Begin /etc/pam.d/system-session 372 373 session required pam_unix.so 374 375 # End /etc/pam.d/system-session</literal> 376 EOF</userinput></screen> 377 378 </sect4> 379 380 <sect4> 381 <title>'login'</title> 382 383 <screen role="root"><userinput>cat > /etc/pam.d/login << "EOF" 384 <literal># Begin /etc/pam.d/login 385 386 # Set failure delay before next prompt to 3 seconds 387 auth optional pam_faildelay.so delay=3000000 388 389 # Check to make sure that the user is allowed to login 390 auth requisite pam_nologin.so 391 392 # Check to make sure that root is allowed to login 393 auth required pam_securetty.so 394 395 # Additional group memberships - disabled by default 396 #auth optional pam_group.so 397 398 # include the default auth settings 399 auth include system-auth 400 401 # check access for the user 402 account required pam_access.so 403 404 # include the default account settings 405 account include system-account 406 407 # Set default environment variables for the user 408 session required pam_env.so 409 410 # Set resource limits for the user 411 session required pam_limits.so 412 413 # Display date of last login - Disabled by default 414 #session optional pam_lastlog.so 415 416 # Display the message of the day - Disabled by default 417 #session optional pam_motd.so 418 419 # Check user's mail - Disabled by default 420 #session optional pam_mail.so standard quiet 421 422 # Use xauth keys (if available) 423 session optional pam_xauth.so 424 425 # include the default session and password settings 426 session include system-session 427 password include system-password 428 429 # End /etc/pam.d/login</literal> 430 EOF</userinput></screen> 431 432 
</sect4> 433 434 <sect4> 435 <title>'passwd'</title> 374 436 375 437 <screen role="root"><userinput>cat > /etc/pam.d/passwd << "EOF" 376 438 <literal># Begin /etc/pam.d/passwd 377 439 378 password required pam_unix.so md5 shadow440 password include system-password 379 441 380 442 # End /etc/pam.d/passwd</literal> … … 389 451 <literal># Begin /etc/pam.d/su 390 452 391 auth sufficient pam_rootok.so 392 auth required pam_unix.so 393 account required pam_unix.so 394 session optional pam_mail.so dir=/var/mail standard 395 session optional pam_xauth.so 396 session required pam_env.so 397 session required pam_unix.so 453 # always allow root 454 auth sufficient pam_rootok.so 455 456 # include the default account settings 457 account include system-account 458 459 # Use xauth keys (if available) 460 session optional pam_xauth.so 461 462 # Set default environment variables for the service user 463 session required pam_env.so 464 465 # include system session defaults 466 session include system-session 398 467 399 468 # End /etc/pam.d/su</literal> … … 406 475 407 476 <screen role="root"><userinput>cat > /etc/pam.d/chage << "EOF" 408 <literal># Begin /etc/pam.d/chage 409 410 auth sufficient pam_rootok.so 411 auth required pam_unix.so 412 account required pam_unix.so 413 session required pam_unix.so 414 password required pam_permit.so 477 <literal>#Begin /etc/pam.d/chage 478 479 # always allow root 480 auth sufficient pam_rootok.so 481 482 # include system defaults for auth account and session 483 auth include system-auth 484 account include system-account 485 session include system-session 486 487 # Always permit for authentication updates 488 password required pam_permit.so 415 489 416 490 # End /etc/pam.d/chage</literal> … … 465 539 <literal># Begin /etc/pam.d/other 466 540 541 auth required pam_warn.so 467 542 auth required pam_deny.so 468 a uthrequired pam_warn.so543 account required pam_warn.so 469 544 account required pam_deny.so 470 accountrequired pam_warn.so545 
password required pam_warn.so 471 546 password required pam_deny.so 472 passwordrequired pam_warn.so547 session required pam_warn.so 473 548 session required pam_deny.so 474 session required pam_warn.so475 549 476 550 # End /etc/pam.d/other</literal>
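Review bot: The new `/etc/pam.d/su` listing removes `auth required pam_unix.so` but adds no `auth include system-auth`, so the only auth module left is `pam_rootok.so` marked `sufficient`. For a caller who is not root, nothing in that stack can return success, so as far as I can tell su would reject every non-root user instead of asking for the target password. The `chage` listing in the same changeset does carry the include, which suggests an omission; I would add `auth include system-auth` after the pam_rootok line, under a comment such as `# include the default auth settings`. Separately, the two `'system-passwd'` section titles do not match the file the commands write (`/etc/pam.d/system-password`). The comment "use sha512 hash for encryption" would also be more accurate as "use sha512 for password hashing", and "perviously" should read "previously".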