Changeset 47274444 for postlfs/security/linux-pam.xml
- Timestamp:
- 03/24/2020 07:19:44 PM (4 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- fa3edfef
- Parents:
- 914049f6
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
postlfs/security/linux-pam.xml
r914049f6 r47274444 304 304 # End /etc/pam.d/other</literal></screen> 305 305 306 <para>Now set up some generic files. As root:</para> 306 <para> 307 Now set up some generic files. As root: 308 </para> 307 309 308 310 <screen role="root"><userinput>install -vdm755 /etc/pam.d && … … 331 333 EOF</userinput></screen> 332 334 333 <para>The remaining generic file depends on whether <xref linkend="cracklib"/> 334 is installed. If it is installed, use:</para> 335 <para> 336 The remaining generic file depends on whether <xref 337 linkend="cracklib"/> is installed. If it is installed, use: 338 </para> 335 339 336 340 <screen role="root"><userinput>cat > /etc/pam.d/system-password << "EOF" … … 352 356 EOF</userinput></screen> 353 357 354 <note> 355 <para> 356 In its default configuration, pam_cracklib will 357 allow multiple case passwords as short as 6 characters, even with 358 the <parameter>minlen</parameter> value set to 11. You should review 359 the pam_cracklib(8) man page and determine if these default values 360 are acceptable for the security of your system. 361 </para> 362 </note> 363 364 <para>If <xref linkend="cracklib"/> is <emphasis>NOT</emphasis> installed, 365 use:</para> 358 <note> 359 <para> 360 In its default configuration, pam_cracklib will 361 allow multiple case passwords as short as 6 characters, even with 362 the <parameter>minlen</parameter> value set to 11. You should review 363 the pam_cracklib(8) man page and determine if these default values 364 are acceptable for the security of your system. 365 </para> 366 </note> 367 368 <para> 369 If <xref linkend="cracklib"/> is <emphasis>NOT</emphasis> installed, 370 use: 371 </para> 366 372 367 373 <screen role="nodump"><userinput>cat > /etc/pam.d/system-password << "EOF" … … 375 381 EOF</userinput></screen> 376 382 377 <para>Now add a restrictive <filename>/etc/pam.d/other</filename> 378 configuration file. With this file, programs that are PAM aware will not 379 run unless a configuration file specifically for that application is 380 created.</para> 383 <para> 384 Now add a restrictive <filename>/etc/pam.d/other</filename> 385 configuration file. With this file, programs that are PAM aware will 386 not run unless a configuration file specifically for that application 387 is created. 388 </para> 381 389 382 390 <screen role="root"><userinput>cat > /etc/pam.d/other << "EOF" … … 398 406 The <application>PAM</application> man page (<command>man 399 407 pam</command>) provides a good starting point for descriptions 400 of fields and allowable entries. The <ulink 401 url="http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html">Linux-PAM 402 System Administrators' Guide</ulink> is recommended for additional 403 information. 404 </para> 405 <!-- No longer there 406 <para> 407 Refer to <ulink url="&debian-pam-docs;/modules.html"/> for a list 408 of various third-party modules available. 409 </para> 410 --> 408 of fields and allowable entries. The 409 <ulink url="http://www.linux-pam.org/Linux-PAM-html/Linux-PAM_SAG.html"> 410 Linux-PAM System Administrators' Guide 411 </ulink> is recommended for additional information. 412 </para> 413 411 414 <important> 412 415 <para>
Note:
See TracChangeset
for help on using the changeset viewer.