Appendix J Linux-PAM
Cyclades-TS Installation & Service Manual
Example configuration file entries
This section gives some examples of entries that can be present in the Linux-PAM configuration file. As a first
attempt at configuring your system you could do worse than to implement these.
Default policy
If a system is to be considered secure, it had better have a reasonably secure ‘OTHER’ entry. The following is a
paranoid setting (which is not a bad place to start!):
#
# default; deny access
#
OTHER auth required pam_deny.so
OTHER account required pam_deny.so
OTHER password required pam_deny.so
OTHER session required pam_deny.so
Whilst fundamentally a secure default, this is not very sympathetic to a misconfigured system. For example, such
a system is vulnerable to locking everyone out should the rest of the file become badly written.
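As an added illustration (not part of the manual), the following Python script audits a pam.conf-style file for the two conditions discussed above: entries that do not parse, and an 'OTHER' default that fails to deny one of the four module types. The function names, the sample file and the pam_unix.so service entries in it are assumptions made for this example.

```python
import re

TYPES = ("auth", "account", "password", "session")
KEYWORDS = {"required", "requisite", "sufficient", "optional",
            "include", "substack"}
# service  type  control (keyword or [value=action ...])  module-path  [args]
ENTRY = re.compile(r"^(\S+)\s+(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def stack_denies(stack):
    """True if a required/requisite pam_deny.so is always reached."""
    for control, module in stack:
        if control in ("required", "requisite") and module.endswith("pam_deny.so"):
            return True
        if control not in ("required", "requisite", "optional"):
            return False  # sufficient, include or [...] may bypass the deny
    return False

def audit_pam_conf(text):
    """Return (malformed entries, module types OTHER does not deny)."""
    malformed, other = [], {t: [] for t in TYPES}
    for raw in text.replace("\\\n", " ").splitlines():  # join continuations
        line = raw.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            service, mtype, control, module = (g.lower() for g in m.groups())
        if not m or mtype not in TYPES or not (
                control in KEYWORDS or control.startswith("[")):
            malformed.append(line)
        elif service == "other":
            other[mtype].append((control, module))
    return malformed, [t for t in TYPES if not stack_denies(other[t])]

# Constructed sample: one misspelled control flag, no OTHER session entry.
SAMPLE = """\
login  auth     requried  pam_unix.so
login  account  required  pam_unix.so
OTHER  auth     required  pam_deny.so
OTHER  account  required  pam_deny.so
OTHER  password required  pam_deny.so
"""

if __name__ == "__main__":
    bad, gaps = audit_pam_conf(SAMPLE)
    print("malformed entries:", bad)
    print("OTHER does not deny:", gaps)
```

Running it against the four-line default shown earlier reports no malformed entries and no gaps.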
The module pam_deny is not very sophisticated. For example, it logs no information when it is invoked, so unless
the users of a system contact the administrator when failing to execute a service application, the administrator
may go for a long while in ignorance of the fact that his system is misconfigured.
The addition of the following line before those in the above example would provide a suitable warning to the
administrator.