fingerprint-auth-ac

SYSTEM-AUTH-AC(5)             File Formats Manual            SYSTEM-AUTH-AC(5)



NAME
       system-auth-ac, password-auth-ac, smartcard-auth-ac, fingerprint-auth-
       ac, postlogin-ac - Common configuration files for PAMified services
       written by authconfig(8)


SYNOPSIS
       /etc/pam.d/system-auth-ac



DESCRIPTION
       The purpose of this configuration file is to provide common
       configuration file for all applications and service daemons calling PAM
       library.


       The system-auth configuration file is included from all individual
       service configuration files with the help of the include directive.
       When authconfig(8) writes the system PAM configuration file it replaces
       the default system-auth file with a symlink pointing to system-auth-ac
       and writes the configuration to this file. The symlink is not changed
       on subsequent configuration changes even if it points elsewhere. This
       allows system administrators to override the configuration written by
       authconfig.

       The authconfig now writes the authentication modules also into
       additional PAM configuration files /etc/pam.d/password-auth-ac,
       /etc/pam.d/smartcard-auth-ac, and /etc/pam.d/fingerprint-auth-ac.
       These configuration files contain only modules which perform
       authentication with the respective kinds of authentication tokens.  For
       example /etc/pam.d/smartcard-auth[-ac] will not contain pam_unix and
       pam_ldap modules and /etc/pam.d/password-auth[-ac] will not contain
       pam_pkcs11 and pam_fprintd modules.

       The file /etc/pam.d/postlogin-ac contains common services to be invoked
       after login. An example can be a module that encrypts an user's
       filesystem or user's keyring and is decrypted by his password.

       The PAM configuration files of services which are accessed by remote
       connections such as sshd or ftpd now include the /etc/pam.d/password-
       auth configuration file instead of /etc/pam.d/system-auth.



EXAMPLE
       Configure system to use pam_tally2 for configuration of maximum number
       of failed logins. Also call pam_access to verify if access is allowed.

       Make system-auth symlink point to system-auth-local which contains:

       auth            requisite       pam_access.so
       auth            requisite       pam_tally2.so deny=3 lock_time=30 \
                                             unlock_time=3600
       auth            include         system-auth-ac
       account         required        pam_tally2.so
       account         include         system-auth-ac
       password        include         system-auth-ac
       session         include         system-auth-ac



BUGS
       None known.


SEE ALSO
       authconfig(8), authconfig-gtk(8), pam(8), system-auth(5)




Red Hat, Inc.                    2010 March 31               SYSTEM-AUTH-AC(5)