PAM Flashcards
1
Q
PAM config files
A
/etc/pam.d/
2
Q
Docs for PAM
A
/usr/share/pam-x.x.x/txt
3
Q
Create an account lockout policy with PAM
A
vim /etc/pam.d/password-auth
/etc/pam.d/system-auth
add second line:
auth required pam_faillock.so preauth silent audit deny=3 unlock_time=600
add first line into account section:
account required pam_failock.so
add second line into password section:
password required pam_pwhistory.so remember=30 use_authok
4
Q
Sections in PAM
A
auth
account
password
session
5
Q
Control flags
A
Optional -result is ignored
Required -result required to continue (to obfuscate which module failed)
Requisite- required with notification (if it fails, it will kick you out of the process)
Sufficient- result is ignored on failure